
/Gedemin/Common/Wcrypt2.pas

http://gedemin.googlecode.com/
   1{******************************************************************}
   2{                                                                  }
   3{ Borland Delphi Runtime Library                                   }
   4{ Cryptographic API interface unit                                 }
   5{                                                                  }
   6{ Portions created by Microsoft are                                }
   7{ Copyright (C) 1993-1998 Microsoft Corporation.                   }
   8{ All Rights Reserved.                                             }
   9{                                                                  }
  10{ The original file is: wincrypt.h, 1992 - 1997                    }
  11{ The original Pascal code is: wcrypt2.pas, released 01 Jan 1998   }
  12{ The initial developer of the Pascal code is                      }
  13{  Massimo Maria Ghisalberti  (nissl@dada.it)                      }
  14{                                                                  }
  15{ Portions created by Massimo Maria Ghisalberti are                }
  16{ Copyright (C) 1997-1998 Massimo Maria Ghisalberti                }
  17{                                                                  }
  18{ Contributor(s):                                                  }
  19{     Peter Tang (peter.tang@citicorp.com)                         }
  20{     Phil Shrimpton (phil@shrimpton.co.uk)                        }
  21{                                                                  }
  22{ Obtained through:                                                }
  23{                                                                  }
  24{ Joint Endeavour of Delphi Innovators (Project JEDI)              }
  25{                                                                  }
  26{ You may retrieve the latest version of this file at the Project  }
  27{ JEDI home page, located at http://delphi-jedi.org                }
  28{                                                                  }
  29{ The contents of this file are used with permission, subject to   }
  30{ the Mozilla Public License Version 1.1 (the "License"); you may  }
  31{ not use this file except in compliance with the License. You may }
  32{ obtain a copy of the License at                                  }
  33{ http://www.mozilla.org/MPL/MPL-1.1.html                          }
  34{                                                                  }
  35{ Software distributed under the License is distributed on an      }
  36{ "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or   }
  37{ implied. See the License for the specific language governing     }
  38{ rights and limitations under the License.                        }
  39{                                                                  }
  40{******************************************************************}
  41
  42unit wcrypt2;
  43
  44{.$DEFINE NT5}
  45
  46{$ALIGN ON}
  47
  48{$IFNDEF VER90}
  49  {$WEAKPACKAGEUNIT}
  50{$ENDIF}
  51
  52interface
  53
  54uses
  55  Windows
  56  {$IFDEF VER90}
  57  ,Ole2
  58  {$ENDIF};
  59
   60const
       // Module names for the 'external' bindings (those clauses live in the
       // implementation section, outside this view). Bare file names are
       // resolved through the loader's DLL search order; all three are
       // system modules.
   61  ADVAPI32    = 'advapi32.dll';
   62  CRYPT32     = 'crypt32.dll';
   63  SOFTPUB     = 'softpub.dll';
   64{$IFDEF NT5}
   65  ADVAPI32NT5 = 'advapi32.dll'; // same module as ADVAPI32; presumably used by the {$IFDEF NT5} entry points below - confirm in the implementation
   66{$ENDIF}
  67
   68{Support Type}
   69
   70type
   71    PVOID = Pointer;
   72    LONG  = DWORD;     // NOTE(review): Win32 LONG is a signed 32-bit value; aliasing it to the unsigned DWORD loses the sign of negative results in comparisons and arithmetic
   73    {$IFDEF UNICODE}
   74      LPAWSTR = PWideChar;
   75    {$ELSE}
   76      LPAWSTR = PAnsiChar;
   77    {$ENDIF}
       // LPAWSTR fixes the character width of the un-suffixed API variants
       // declared below (CryptAcquireContext, CryptSignHash, ...); the A/W
       // variants name their width explicitly.
   78
   79//-----------------------------------------------------------------------------
   80    // Type support for a pointer to an array of pointer (type **name)
       // NOTE(review): every alias here is the untyped Pointer, so the compiler
       // cannot check that a caller passes the pointee type the alias name
       // promises; verify the actual type against wincrypt.h at each call site.
   81    PLPSTR          = Pointer; // type for a pointer to Array of pointer a type
   82    PPCERT_INFO     = Pointer; // type for a pointer to Array of pointer a type
   83    PPVOID          = Pointer; // type for a pointer to Array of pointer a type
   84    PPCCERT_CONTEXT = Pointer; // type for a pointer to Array of pointer a type
   85    PPCCTL_CONTEXT  = Pointer; // type for a pointer to Array of pointer a type
   86    PPCCRL_CONTEXT  = Pointer; // type for a pointer to Array of pointer a type
   87//-----------------------------------------------------------------------------
  88
  89//+---------------------------------------------------------------------------
  90//
  91//  Microsoft Windows
  92//  Copyright (C) Microsoft Corporation, 1992 - 1997.
  93//
  94//  File:       wincrypt.h
  95//
  96//  Contents:   Cryptographic API Prototypes and Definitions
  97//
  98//----------------------------------------------------------------------------
  99
 100
 101//
 102// Algorithm IDs and Flags
 103//
 104
 105// ALG_ID crackers
  106function GET_ALG_CLASS(x:integer) :integer; // ALG_CLASS_* field of an ALG_ID (bit 13 upward, see ALG_CLASS_* below); the bodies are in the implementation section, outside this view
  107function GET_ALG_TYPE(x:integer) :integer;  // ALG_TYPE_* field (bit 9 upward, below the class field)
  108function GET_ALG_SID(x:integer) :integer;   // ALG_SID_* field (the low bits)
 109
  110Const
       // An ALG_ID is the OR of one class, one type and one sub-id; the
       // CALG_* constants further down are built exactly that way.
  111  // Algorithm classes
  112  ALG_CLASS_ANY          = 0;
  113  ALG_CLASS_SIGNATURE    = (1 shl 13);
  114  ALG_CLASS_MSG_ENCRYPT  = (2 shl 13);
  115  ALG_CLASS_DATA_ENCRYPT = (3 shl 13);
  116  ALG_CLASS_HASH         = (4 shl 13);
  117  ALG_CLASS_KEY_EXCHANGE = (5 shl 13);
  118
  119  // Algorithm types
  120  ALG_TYPE_ANY           = 0;
  121  ALG_TYPE_DSS           = (1 shl 9);
  122  ALG_TYPE_RSA           = (2 shl 9);
  123  ALG_TYPE_BLOCK         = (3 shl 9);
  124  ALG_TYPE_STREAM        = (4 shl 9);
  125  ALG_TYPE_DH            = (5 shl 9);
  126  ALG_TYPE_SECURECHANNEL = (6 shl 9);
  127
  128  // Generic sub-ids
  129  ALG_SID_ANY = 0;
  130
  131  // Some RSA sub-ids
  132  ALG_SID_RSA_ANY        = 0;
  133  ALG_SID_RSA_PKCS       = 1;
  134  ALG_SID_RSA_MSATWORK   = 2;
  135  ALG_SID_RSA_ENTRUST    = 3;
  136  ALG_SID_RSA_PGP        = 4;
  137
  138  // Some DSS sub-ids
  139  ALG_SID_DSS_ANY        = 0;
  140  ALG_SID_DSS_PKCS       = 1;
  141  ALG_SID_DSS_DMS        = 2;
  142
  143  // Block cipher sub ids
  144  // DES sub_ids
  145  ALG_SID_DES            = 1;
  146  ALG_SID_3DES           = 3;
  147  ALG_SID_DESX           = 4;
  148  ALG_SID_IDEA           = 5;
  149  ALG_SID_CAST           = 6;
  150  ALG_SID_SAFERSK64      = 7;
  151  ALD_SID_SAFERSK128     = 8; // misspelled alias of ALG_SID_SAFERSK128 (same value), kept for source compatibility
  152  ALG_SID_SAFERSK128     = 8;
  153  ALG_SID_3DES_112       = 9;
  154  ALG_SID_CYLINK_MEK     = 12;
  155  ALG_SID_RC5            = 13;
  156
  157  // Fortezza sub-ids
  158  ALG_SID_SKIPJACK       = 10;
  159  ALG_SID_TEK            = 11;
  160
  161  // KP_MODE
       // (only the interleaved/pipelined modes are here; CRYPT_MODE_CBC..CTS
       // are defined further down, under the second "KP_MODE" heading)
  162  CRYPT_MODE_CBCI        = 6;  {ANSI CBC Interleaved}
  163  CRYPT_MODE_CFBP        = 7;  {ANSI CFB Pipelined}
  164  CRYPT_MODE_OFBP        = 8;  {ANSI OFB Pipelined}
  165  CRYPT_MODE_CBCOFM      = 9;  {ANSI CBC + OF Masking}
  166  CRYPT_MODE_CBCOFMI     = 10; {ANSI CBC + OFM Interleaved}
  167
  168  // RC2 sub-ids
  169  ALG_SID_RC2            = 2;
  170
  171  // Stream cipher sub-ids
  172  ALG_SID_RC4            = 1;
  173  ALG_SID_SEAL           = 2;
  174
  175  // Diffie-Hellman sub-ids
  176  ALG_SID_DH_SANDF       = 1;
  177  ALG_SID_DH_EPHEM       = 2;
  178  ALG_SID_AGREED_KEY_ANY = 3;
  179  ALG_SID_KEA            = 4;
  180
  181  // Hash sub ids
       // NOTE(review): MD2, MD4 and MD5 are not collision resistant; they are
       // listed here because wincrypt.h defines them, not as a recommendation.
  182  ALG_SID_MD2            = 1;
  183  ALG_SID_MD4            = 2;
  184  ALG_SID_MD5            = 3;
  185  ALG_SID_SHA            = 4; // ALG_SID_SHA and ALG_SID_SHA1 are the same value
  186  ALG_SID_SHA1           = 4;
  187  ALG_SID_MAC            = 5;
  188  ALG_SID_RIPEMD         = 6;
  189  ALG_SID_RIPEMD160      = 7;
  190  ALG_SID_SSL3SHAMD5     = 8;
  191  ALG_SID_HMAC           = 9;
  192
  193  // secure channel sub ids
  194  ALG_SID_SSL3_MASTER          = 1;
  195  ALG_SID_SCHANNEL_MASTER_HASH = 2;
  196  ALG_SID_SCHANNEL_MAC_KEY     = 3;
  197  ALG_SID_PCT1_MASTER          = 4;
  198  ALG_SID_SSL2_MASTER          = 5;
  199  ALG_SID_TLS1_MASTER          = 6;
  200  ALG_SID_SCHANNEL_ENC_KEY     = 7;
  201
  202  // Our silly example sub-id
  203  ALG_SID_EXAMPLE              = 80;
 204
  205{$IFNDEF ALGIDDEF}
  206  {$DEFINE ALGIDDEF}
  207Type ALG_ID = ULONG; // algorithm identifier: ALG_CLASS_* or ALG_TYPE_* or ALG_SID_*, packed as the CALG_* constants below show
  208{$ENDIF}
 209
  210// algorithm identifier definitions
  211Const
       // NOTE(review): several of these name legacy algorithms (DES, RC2, RC4,
       // MD2/MD4/MD5, SSL2/PCT1 masters). The unit only mirrors wincrypt.h;
       // which CALG_* is acceptable is a decision for the calling code.
  212  CALG_MD2              = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_MD2);
  213  CALG_MD4              = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_MD4);
  214  CALG_MD5              = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_MD5);
  215  CALG_SHA              = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_SHA);
  216  CALG_SHA1             = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_SHA1); // same value as CALG_SHA
  217  CALG_MAC              = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_MAC);
  218  CALG_RSA_SIGN         = (ALG_CLASS_SIGNATURE or ALG_TYPE_RSA or ALG_SID_RSA_ANY);
  219  CALG_DSS_SIGN         = (ALG_CLASS_SIGNATURE or ALG_TYPE_DSS or ALG_SID_DSS_ANY);
  220  CALG_RSA_KEYX         = (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_RSA or ALG_SID_RSA_ANY);
  221  CALG_DES              = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_DES);
  222  CALG_3DES_112         = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_3DES_112);
  223  CALG_3DES             = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_3DES);
  224  CALG_RC2              = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_RC2);
  225  CALG_RC4              = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_STREAM or ALG_SID_RC4);
  226  CALG_SEAL             = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_STREAM or ALG_SID_SEAL);
  227  CALG_DH_SF            = (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_DH or ALG_SID_DH_SANDF);
  228  CALG_DH_EPHEM         = (ALG_CLASS_KEY_EXCHANGE  or  ALG_TYPE_DH  or  ALG_SID_DH_EPHEM);
  229  CALG_AGREEDKEY_ANY    = (ALG_CLASS_KEY_EXCHANGE  or ALG_TYPE_DH or ALG_SID_AGREED_KEY_ANY);
  230  CALG_KEA_KEYX         = (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_DH or ALG_SID_KEA);
  231  CALG_HUGHES_MD5       = (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_ANY or ALG_SID_MD5);
  232  CALG_SKIPJACK         = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_SKIPJACK);
  233  CALG_TEK              = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_TEK);
  234  CALG_CYLINK_MEK       = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_CYLINK_MEK);
  235  CALG_SSL3_SHAMD5      = (ALG_CLASS_HASH  or  ALG_TYPE_ANY  or  ALG_SID_SSL3SHAMD5);
  236  CALG_SSL3_MASTER      = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SSL3_MASTER);
  237  CALG_SCHANNEL_MASTER_HASH = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SCHANNEL_MASTER_HASH);
  238  CALG_SCHANNEL_MAC_KEY = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SCHANNEL_MAC_KEY);
  239  CALG_SCHANNEL_ENC_KEY = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SCHANNEL_ENC_KEY);
  240  CALG_PCT1_MASTER      = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_PCT1_MASTER);
  241  CALG_SSL2_MASTER      = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SSL2_MASTER);
  242  CALG_TLS1_MASTER      = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_TLS1_MASTER);
  243  CALG_RC5              = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_RC5);
  244  CALG_HMAC             = (ALG_CLASS_HASH  or  ALG_TYPE_ANY  or  ALG_SID_HMAC);
 245
  246type
       // Provider call-back table. The two TFarProc members are untyped
       // function pointers; their signatures are not declared in this unit.
       // NOTE(review): what hands this table to the CSP is not visible here -
       // see wincrypt.h before filling it in.
  247  PVTableProvStruc = ^VTableProvStruc;
  248  VTableProvStruc = record
  249    Version         :DWORD;
  250    FuncVerifyImage :TFarProc;
  251    FuncReturnhWnd  :TFarProc;
  252    dwProvType      :DWORD;   // PROV_* value (see below)
  253    pbContextInfo   :PBYTE;   // cbContextInfo bytes of provider-specific data
  254    cbContextInfo   :DWORD;
  255end;
 256
 257//type HCRYPTPROV = ULONG;
 258//type HCRYPTKEY  = ULONG;
 259//type HCRYPTHASH = ULONG;
 260
 261
  262const
  263  // dwFlags definitions for CryptAcquireContext
  264  CRYPT_VERIFYCONTEXT  = $F0000000; // context without a persistent key container (hashing / random only); use this when no private key is needed
  265  CRYPT_NEWKEYSET      = $00000008; // create the named container
  266  CRYPT_DELETEKEYSET   = $00000010; // delete the named container and its keys
  267  CRYPT_MACHINE_KEYSET = $00000020; // container in the machine store rather than the user's profile; access is governed by its security descriptor (PP_KEYSET_SEC_DESCR below)
  268
  269  // dwFlag definitions for CryptGenKey
  270  CRYPT_EXPORTABLE     = $00000001; // key material may leave the CSP through CryptExportKey; omit unless export is actually required
  271  CRYPT_USER_PROTECTED = $00000002; // CSP may prompt the user before the key is used
  272  CRYPT_CREATE_SALT    = $00000004;
  273  CRYPT_UPDATE_KEY     = $00000008;
  274  CRYPT_NO_SALT        = $00000010; // same bit as CRYPT_RECIPIENT below; meaning depends on the algorithm, as in wincrypt.h
  275  CRYPT_PREGEN         = $00000040; // same bit as CRYPT_INITIATOR below
  276  CRYPT_RECIPIENT      = $00000010;
  277  CRYPT_INITIATOR      = $00000040;
  278  CRYPT_ONLINE         = $00000080;
  279  CRYPT_SF             = $00000100;
  280  CRYPT_CREATE_IV      = $00000200;
  281  CRYPT_KEK            = $00000400; // same bit as CRYPT_SERVER (CryptDeriveKey) below
  282  CRYPT_DATA_KEY       = $00000800;
  283
  284  // dwFlags definitions for CryptDeriveKey
  285  CRYPT_SERVER         = $00000400;
  286
  287  KEY_LENGTH_MASK      = $FFFF0000; // upper 16 bits of dwFlags carry the requested key length in bits (CryptGenKey / CryptDeriveKey)
  288
  289  // dwFlag definitions for CryptExportKey
  290  CRYPT_Y_ONLY        = $00000001;
  291  CRYPT_SSL2_SLUMMING = $00000002;
  292
  293  // dwFlags definitions for CryptHashSessionKey
  294  CRYPT_LITTLE_ENDIAN = $00000001;
  295
  296  // dwFlag definitions for CryptSetProviderEx and CryptGetDefaultProvider
  297  CRYPT_MACHINE_DEFAULT = $00000001; // machine-wide default: affects every account on the host
  298  CRYPT_USER_DEFAULT    = $00000002;
  299  CRYPT_DELETE_DEFAULT  = $00000004;
  300
  301  // exported key blob definitions
       // (these are the bType values of the PUBLICKEYSTRUC / BLOBHEADER that
       // starts every key blob - see the record further down)
  302  SIMPLEBLOB        = $1; // session key wrapped with an exchange key
  303  PUBLICKEYBLOB     = $6;
  304  PRIVATEKEYBLOB    = $7; // contains private key material - handle and wipe like a secret
  305  PLAINTEXTKEYBLOB  = $8; // raw key bytes in the clear - handle and wipe like a secret
  306  AT_KEYEXCHANGE    = 1;  // dwKeySpec values (CryptGetUserKey, CryptSignHash)
  307  AT_SIGNATURE      = 2;
  308  CRYPT_USERDATA    = 1;
  309
  310  // dwParam
  311  KP_IV                 = 1;  // Initialization vector
  312  KP_SALT               = 2;  // Salt value
  313  KP_PADDING            = 3;  // Padding values
  314  KP_MODE               = 4;  // Mode of the cipher
  315  KP_MODE_BITS          = 5;  // Number of bits to feedback
  316  KP_PERMISSIONS        = 6;  // Key permissions DWORD
  317  KP_ALGID              = 7;  // Key algorithm
  318  KP_BLOCKLEN           = 8;  // Block size of the cipher
  319  KP_KEYLEN             = 9;  // Length of key in bits
  320  KP_SALT_EX            = 10; // Length of salt in bytes
  321  KP_P                  = 11; // DSS/Diffie-Hellman P value
  322  KP_G                  = 12; // DSS/Diffie-Hellman G value
  323  KP_Q                  = 13; // DSS Q value
  324  KP_X                  = 14; // Diffie-Hellman X value
  325  KP_Y                  = 15; // Y value
  326  KP_RA                 = 16; // Fortezza RA value
  327  KP_RB                 = 17; // Fortezza RB value
  328  KP_INFO               = 18; // for putting information into an RSA envelope
  329  KP_EFFECTIVE_KEYLEN   = 19; // setting and getting RC2 effective key length
  330  KP_SCHANNEL_ALG	= 20; // for setting the Secure Channel algorithms
  331  KP_CLIENT_RANDOM      = 21; // for setting the Secure Channel client random data
  332  KP_SERVER_RANDOM      = 22; // for setting the Secure Channel server random data
  333  KP_RP                 = 23;
  334  KP_PRECOMP_MD5        = 24;
  335  KP_PRECOMP_SHA        = 25;
  336  KP_CERTIFICATE        = 26; // for setting Secure Channel certificate data (PCT1)
  337  KP_CLEAR_KEY          = 27; // for setting Secure Channel clear key data (PCT1)
  338  KP_PUB_EX_LEN         = 28;
  339  KP_PUB_EX_VAL         = 29;
  340
  341  // KP_PADDING
  342  PKCS5_PADDING         = 1; {PKCS 5 (sec 6.2) padding method}
  343  RANDOM_PADDING        = 2;
  344  ZERO_PADDING          = 3; // NOTE(review): zero padding cannot be stripped unambiguously from data that may end in zero bytes
  345
  346  // KP_MODE
  347  CRYPT_MODE_CBC    = 1; // Cipher block chaining (needs an IV via KP_IV, unique per message)
  348  CRYPT_MODE_ECB    = 2; // Electronic code book - NOTE(review): equal plaintext blocks give equal ciphertext blocks, so it leaks structure
  349  CRYPT_MODE_OFB    = 3; // Output feedback mode
  350  CRYPT_MODE_CFB    = 4; // Cipher feedback mode
  351  CRYPT_MODE_CTS    = 5; // Ciphertext stealing mode
  352
  353  // KP_PERMISSIONS
       // bit set read/written through CryptGetKeyParam/CryptSetKeyParam(KP_PERMISSIONS)
  354  CRYPT_ENCRYPT     = $0001; // Allow encryption
  355  CRYPT_DECRYPT     = $0002; // Allow decryption
  356  CRYPT_EXPORT      = $0004; // Allow key to be exported
  357  CRYPT_READ        = $0008; // Allow parameters to be read
  358  CRYPT_WRITE       = $0010; // Allow parameters to be set
  359  CRYPT_MAC         = $0020; // Allow MACs to be used with key
  360  CRYPT_EXPORT_KEY  = $0040; // Allow key to be used for exporting keys
  361  CRYPT_IMPORT_KEY  = $0080; // Allow key to be used for importing keys
  362
       // dwParam values for CryptGetHashParam / CryptSetHashParam
  363  HP_ALGID          = $0001; // Hash algorithm
  364  HP_HASHVAL        = $0002; // Hash value - NOTE(review): reading it finalizes the hash object; no further CryptHashData afterwards (per wincrypt docs, confirm for the CSP in use)
  365  HP_HASHSIZE       = $0004; // Hash value size
  366
  367  HP_HMAC_INFO      = $0005; // information for creating an HMAC (pbData points at an HMAC_INFO record, declared below)
  368
       // Every API function below returns BOOL; on FALSE the reason is
       // available through GetLastError (per wincrypt docs).
  369  CRYPT_FAILED      = FALSE;
  370  CRYPT_SUCCEED     = TRUE;
 371
  372function RCRYPT_SUCCEEDED(rt:BOOL):BOOL; // True when rt is CRYPT_SUCCEED; body in the implementation section, outside this view
  373function RCRYPT_FAILED(rt:BOOL):BOOL;    // True when rt is CRYPT_FAILED; body in the implementation section, outside this view
 374
  375const
  376  // CryptGetProvParam
  377  PP_ENUMALGS            = 1;  // enumerate PROV_ENUMALGS records; dwFlags = CRYPT_FIRST then CRYPT_NEXT
  378  PP_ENUMCONTAINERS      = 2;
  379  PP_IMPTYPE             = 3;  // CRYPT_IMPL_* value
  380  PP_NAME                = 4;
  381  PP_VERSION             = 5;
  382  PP_CONTAINER           = 6;
  383  PP_CHANGE_PASSWORD     = 7;
  384  PP_KEYSET_SEC_DESCR    = 8;  // get/set security descriptor of keyset
  385  PP_CERTCHAIN           = 9;  // for retrieving certificates from tokens
  386  PP_KEY_TYPE_SUBTYPE    = 10;
  387  PP_PROVTYPE            = 16;
  388  PP_KEYSTORAGE          = 17; // key storage flags (CRYPT_SEC_DESCR / CRYPT_PSTORE / CRYPT_UI_PROMPT below)
  389  PP_APPLI_CERT          = 18;
  390  PP_SYM_KEYSIZE         = 19;
  391  PP_SESSION_KEYSIZE     = 20;
  392  PP_UI_PROMPT           = 21;
  393  PP_ENUMALGS_EX         = 22; // enumerate PROV_ENUMALGS_EX records
  394  CRYPT_FIRST            = 1;
  395  CRYPT_NEXT             = 2;
  396  CRYPT_IMPL_HARDWARE    = 1;
  397  CRYPT_IMPL_SOFTWARE    = 2;
  398  CRYPT_IMPL_MIXED       = 3;
  399  CRYPT_IMPL_UNKNOWN     = 4;
  400
  401  // key storage flags
  402  CRYPT_SEC_DESCR        = $00000001;
  403  CRYPT_PSTORE           = $00000002;
  404  CRYPT_UI_PROMPT        = $00000004;
  405
  406  // protocol flags
  407  CRYPT_FLAG_PCT1        = $0001;
  408  CRYPT_FLAG_SSL2        = $0002;
  409  CRYPT_FLAG_SSL3        = $0004;
  410  CRYPT_FLAG_TLS1        = $0008;
  411
  412  // CryptSetProvParam
  413  PP_CLIENT_HWND         = 1;
  414  PP_CONTEXT_INFO        = 11;
  415  PP_KEYEXCHANGE_KEYSIZE = 12;
  416  PP_SIGNATURE_KEYSIZE   = 13;
  417  PP_KEYEXCHANGE_ALG     = 14;
  418  PP_SIGNATURE_ALG       = 15;
  419  PP_DELETEKEY           = 24;
  420
       // Provider types (dwProvType of CryptAcquireContext and the
       // CryptSetProvider* calls).
  421  PROV_RSA_FULL          = 1;
  422  PROV_RSA_SIG           = 2;
  423  PROV_DSS               = 3;
  424  PROV_FORTEZZA          = 4;
  425  PROV_MS_EXCHANGE       = 5;
  426  PROV_SSL               = 6;
  427
       // (values 12..20; listed out of numeric order and unindented in the
       // original - same constants as wincrypt.h)
  428PROV_RSA_SCHANNEL        = 12;
  429PROV_DSS_DH              = 13;
  430PROV_EC_ECDSA_SIG        = 14;
  431PROV_EC_ECNRA_SIG        = 15;
  432PROV_EC_ECDSA_FULL       = 16;
  433PROV_EC_ECNRA_FULL       = 17;
  434PROV_SPYRUS_LYNKS        = 20;
  435
  436
  437  // STT defined Providers
  438  PROV_STT_MER           = 7;
  439  PROV_STT_ACQ           = 8;
  440  PROV_STT_BRND          = 9;
  441  PROV_STT_ROOT          = 10;
  442  PROV_STT_ISS           = 11;
  443
  444  // Provider friendly names
       // Each name comes in an A (AnsiString) and a W form, and an
       // un-suffixed alias picked by the UNICODE define - the same scheme as
       // LPAWSTR. NOTE(review): the WideString(...) casts make the *_W names
       // typed constants; they carry the value but are not usable inside other
       // constant expressions - verify with the compiler in use.
  445  MS_DEF_PROV_A          = 'Microsoft Base Cryptographic Provider v1.0';
  446  {$IFNDEF VER90}
  447    MS_DEF_PROV_W        = WideString( 'Microsoft Base Cryptographic Provider v1.0');
  448  {$ELSE}
  449    MS_DEF_PROV_W        = ( 'Microsoft Base Cryptographic Provider v1.0');
  450  {$ENDIF}
  451
  452{$IFDEF UNICODE}
  453  MS_DEF_PROV            = MS_DEF_PROV_W;
  454{$ELSE}
  455  MS_DEF_PROV            = MS_DEF_PROV_A;
  456{$ENDIF}
  457
  458  MS_ENHANCED_PROV_A   = 'Microsoft Enhanced Cryptographic Provider v1.0';
  459  {$IFNDEF VER90}
  460    MS_ENHANCED_PROV_W = WideString('Microsoft Enhanced Cryptographic Provider v1.0');
  461  {$ELSE}
  462    MS_ENHANCED_PROV_W = ('Microsoft Enhanced Cryptographic Provider v1.0');
  463  {$ENDIF}
  464
  465{$IFDEF UNICODE}
  466  MS_ENHANCED_PROV = MS_ENHANCED_PROV_W;
  467{$ELSE}
  468  MS_ENHANCED_PROV = MS_ENHANCED_PROV_A;
  469{$ENDIF}
  470
  471  MS_DEF_RSA_SIG_PROV_A    = 'Microsoft RSA Signature Cryptographic Provider';
  472  {$IFNDEF VER90}
  473    MS_DEF_RSA_SIG_PROV_W  = WideString('Microsoft RSA Signature Cryptographic Provider');
  474  {$ELSE}
  475    MS_DEF_RSA_SIG_PROV_W  = ('Microsoft RSA Signature Cryptographic Provider');
  476  {$ENDIF}
  477
  478{$IFDEF UNICODE}
  479  MS_DEF_RSA_SIG_PROV = MS_DEF_RSA_SIG_PROV_W;
  480{$ELSE}
  481  MS_DEF_RSA_SIG_PROV = MS_DEF_RSA_SIG_PROV_A;
  482{$ENDIF}
  483
  484  MS_DEF_RSA_SCHANNEL_PROV_A    = 'Microsoft Base RSA SChannel Cryptographic Provider';
  485  {$IFNDEF VER90}
  486    MS_DEF_RSA_SCHANNEL_PROV_W  = WideString('Microsoft Base RSA SChannel Cryptographic Provider');
  487  {$ELSE}
  488    MS_DEF_RSA_SCHANNEL_PROV_W  = ('Microsoft Base RSA SChannel Cryptographic Provider');
  489  {$ENDIF}
  490
  491
  492{$IFDEF UNICODE}
  493  MS_DEF_RSA_SCHANNEL_PROV = MS_DEF_RSA_SCHANNEL_PROV_W;
  494{$ELSE}
  495  MS_DEF_RSA_SCHANNEL_PROV = MS_DEF_RSA_SCHANNEL_PROV_A;
  496{$ENDIF}
  497
  498  MS_ENHANCED_RSA_SCHANNEL_PROV_A    = 'Microsoft Enhanced RSA SChannel Cryptographic Provider';
  499  {$IFNDEF VER90}
  500    MS_ENHANCED_RSA_SCHANNEL_PROV_W  = WideString('Microsoft Enhanced RSA SChannel Cryptographic Provider');
  501  {$ELSE}
  502    MS_ENHANCED_RSA_SCHANNEL_PROV_W  = ('Microsoft Enhanced RSA SChannel Cryptographic Provider');
  503  {$ENDIF}
  504
  505{$IFDEF UNICODE}
  506  MS_ENHANCED_RSA_SCHANNEL_PROV = MS_ENHANCED_RSA_SCHANNEL_PROV_W;
  507{$ELSE}
  508  MS_ENHANCED_RSA_SCHANNEL_PROV = MS_ENHANCED_RSA_SCHANNEL_PROV_A;
  509{$ENDIF}
  510
  511  MS_DEF_DSS_PROV_A    =  'Microsoft Base DSS Cryptographic Provider';
  512  {$IFNDEF VER90}
  513    MS_DEF_DSS_PROV_W  = WideString('Microsoft Base DSS Cryptographic Provider');
  514  {$ELSE}
  515    MS_DEF_DSS_PROV_W  = ('Microsoft Base DSS Cryptographic Provider');
  516  {$ENDIF}
  517
  518{$IFDEF UNICODE}
  519  MS_DEF_DSS_PROV = MS_DEF_DSS_PROV_W;
  520{$ELSE}
  521  MS_DEF_DSS_PROV = MS_DEF_DSS_PROV_A;
  522{$ENDIF}
  523
  524  MS_DEF_DSS_DH_PROV_A    = 'Microsoft Base DSS and Diffie-Hellman Cryptographic Provider';
  525  {$IFNDEF VER90}
  526    MS_DEF_DSS_DH_PROV_W  = WideString('Microsoft Base DSS and Diffie-Hellman Cryptographic Provider');
  527  {$ELSE}
  528    MS_DEF_DSS_DH_PROV_W  = ('Microsoft Base DSS and Diffie-Hellman Cryptographic Provider');
  529  {$ENDIF}
  530
  531{$IFDEF UNICODE}
  532  MS_DEF_DSS_DH_PROV = MS_DEF_DSS_DH_PROV_W;
  533{$ELSE}
  534  MS_DEF_DSS_DH_PROV = MS_DEF_DSS_DH_PROV_A;
  535{$ENDIF}
  536
  537  MAXUIDLEN              = 64;
  538  CUR_BLOB_VERSION       = 2; // bVersion of PUBLICKEYSTRUC / BLOBHEADER (declared below)
 539
  540{structure for use with CryptSetHashParam with CALG_HMAC}
       // Passed as pbData with dwParam = HP_HMAC_INFO on a hash created with
       // CALG_HMAC. NOTE(review): per wincrypt docs a nil inner/outer string
       // selects the standard HMAC pads - confirm for the CSP in use.
  541type
  542  PHMAC_INFO = ^HMAC_INFO;
  543  HMAC_INFO = record
  544    HashAlgid     :ALG_ID; // underlying hash (a CALG_* hash id, e.g. CALG_SHA1)
  545    pbInnerString :PBYTE;  // cbInnerString bytes; inner pad string
  546    cbInnerString :DWORD;
  547    pbOuterString :PBYTE;  // cbOuterString bytes; outer pad string
  548    cbOuterString :DWORD;
  549  end;
 550
  551// Secure Channel algorithm selection; set through the KP_SCHANNEL_ALG key
       // parameter. (The original comment here, "CryptSetHashParam with
       // CALG_HMAC", was copied from HMAC_INFO and does not apply.)
  552type
  553  PSCHANNEL_ALG = ^SCHANNEL_ALG;
  554  SCHANNEL_ALG  = record
  555    dwUse :DWORD;  // SCHANNEL_MAC_KEY or SCHANNEL_ENC_KEY (declared just below)
  556    Algid :ALG_ID; // CALG_* to use for that purpose
  557    cBits :DWORD;  // key size in bits
  558  end;
 559
  560// uses of algorithms for SCHANNEL_ALG structure (values of SCHANNEL_ALG.dwUse)
  561const
  562  SCHANNEL_MAC_KEY = $00000000;
  563  SCHANNEL_ENC_KEY = $00000001;
 564
  565type
       // One record per algorithm, returned by CryptGetProvParam(PP_ENUMALGS).
       // NOTE(review): wincrypt.h declares szName as CHAR[20]; the layout
       // matches only while Char is AnsiChar. On a compiler where Char is
       // WideChar the record is larger than what the CSP writes, and the
       // fields would be mis-read - verify before reusing this unit there.
  566  PPROV_ENUMALGS = ^PROV_ENUMALGS;
  567  PROV_ENUMALGS = record
  568    aiAlgid   :ALG_ID;
  569    dwBitLen  :DWORD;
  570    dwNameLen :DWORD;                  // bytes of szName actually used
  571    szName    :array[0..20-1] of Char;
  572  end ;
 573
  574type
       // Extended form returned by CryptGetProvParam(PP_ENUMALGS_EX).
       // NOTE(review): same Char-width caveat as PROV_ENUMALGS - wincrypt.h
       // declares szName and szLongName as CHAR arrays.
  575  PPROV_ENUMALGS_EX = ^PROV_ENUMALGS_EX;
  576  PROV_ENUMALGS_EX = record
  577    aiAlgid       :ALG_ID;
  578    dwDefaultLen  :DWORD; // key lengths in bits
  579    dwMinLen      :DWORD;
  580    dwMaxLen      :DWORD;
  581    dwProtocols   :DWORD; // presumably the CRYPT_FLAG_* protocol bits - confirm
  582    dwNameLen     :DWORD;
  583    szName        :array[0..20-1] of Char;
  584    dwLongNameLen :DWORD;
  585    szLongName    :array[0..40-1] of Char;
  586    end;
 587
  588type
       // Header at the start of every key blob (CryptExportKey output /
       // CryptImportKey input). NOTE(review): check bType, bVersion and
       // aiKeyAlg against what you expect before trusting the rest of a blob
       // that came from outside the process.
  589  PPUBLICKEYSTRUC = ^PUBLICKEYSTRUC;
  590  PUBLICKEYSTRUC = record
  591    bType    :BYTE;   // SIMPLEBLOB / PUBLICKEYBLOB / PRIVATEKEYBLOB / PLAINTEXTKEYBLOB
  592    bVersion :BYTE;   // CUR_BLOB_VERSION
  593    reserved :Word;
  594    aiKeyAlg :ALG_ID; // CALG_* of the key inside the blob
  595  end;
 596
  597type
       // wincrypt.h name for the same header record
  598  BLOBHEADER  = PUBLICKEYSTRUC;
  599  PBLOBHEADER = ^BLOBHEADER;
 600
  601type
       // Follows the BLOBHEADER in an RSA PUBLICKEYBLOB / PRIVATEKEYBLOB.
       // NOTE(review): the modulus that follows is bitlen/8 bytes; validate
       // bitlen against the total blob length before reading past this record.
  602  PRSAPUBKEY = ^RSAPUBKEY;
  603  RSAPUBKEY = record
  604    magic  :DWORD;  // Has to be RSA1
  605    bitlen :DWORD;  // # of bits in modulus
  606    pubexp :DWORD;  // public exponent
  607                    // Modulus data follows
  608    end;
 609
  610type
       // Generic public-key header used (via the aliases below) by the DH,
       // DSS, KEA and TEK blob formats.
  611  PPUBKEY = ^PUBKEY;
  612  PUBKEY = record
  613    magic  :DWORD;
  614    bitlen :DWORD; // # of bits in modulus
  615  end;
 616
  617type
       // Per-algorithm names for the PUBKEY header; identical layout.
  618  DHPUBKEY  = PUBKEY;
  619  DSSPUBKEY = PUBKEY;
  620  KEAPUBKEY = PUBKEY;
  621  TEKPUBKEY = PUBKEY;
 622
 623
  624type
       // Seed and counter used in DSS parameter generation; 20-byte seed.
  625  PDSSSEED = ^DSSSEED;
  626  DSSSEED = record
  627    counter :DWORD;
  628    seed    :array[0..20-1] of BYTE;
  629  end;
 630
  631type
       // Returned by CryptGetProvParam(PP_KEY_TYPE_SUBTYPE).
  632  PKEY_TYPE_SUBTYPE = ^KEY_TYPE_SUBTYPE;
  633  KEY_TYPE_SUBTYPE = record
  634    dwKeySpec :DWORD; // AT_KEYEXCHANGE or AT_SIGNATURE
  635    Type_     :TGUID; {conflict with base Delphi type: original name 'Type'}
  636    Subtype   :TGUID;
  637  end;
 638
  639type
       // Opaque CSP handles. Each one must be released by the matching call
       // (CryptReleaseContext / CryptDestroyKey / CryptDestroyHash).
       // NOTE(review): later wincrypt.h versions define these as ULONG_PTR;
       // a 32-bit ULONG truncates the handle when the unit is built for Win64.
  640  HCRYPTPROV  = ULONG;
  641  PHCRYPTPROV = ^HCRYPTPROV;
  642  HCRYPTKEY   = ULONG;
  643  PHCRYPTKEY  = ^HCRYPTKEY;
  644  HCRYPTHASH  = ULONG;
  645  PHCRYPTHASH = ^HCRYPTHASH;
 646
       // Opens a CSP context. phProv^ receives the handle; release it with
       // CryptReleaseContext. pszContainer names the key container (nil = the
       // default one); pszProvider selects the CSP (nil = default for
       // dwProvType, one of the PROV_* values); dwFlags takes the
       // CRYPT_VERIFYCONTEXT / CRYPT_NEWKEYSET / CRYPT_DELETEKEYSET /
       // CRYPT_MACHINE_KEYSET bits. Use CRYPT_VERIFYCONTEXT whenever no
       // private key from a container is needed. Returns FALSE on failure.
       // The un-suffixed variant takes LPAWSTR, whose width follows the
       // UNICODE define; A and W are explicit.
  647function CryptAcquireContextA(phProv       :PHCRYPTPROV;
  648                              pszContainer :PAnsiChar;
  649                              pszProvider  :PAnsiChar;
  650                              dwProvType   :DWORD;
  651                              dwFlags      :DWORD) :BOOL;stdcall;
  652
  653function CryptAcquireContext(phProv        :PHCRYPTPROV;
  654                              pszContainer :LPAWSTR;
  655                              pszProvider  :LPAWSTR;
  656                              dwProvType   :DWORD;
  657                              dwFlags      :DWORD) :BOOL;stdcall;
  658
  659function CryptAcquireContextW(phProv       :PHCRYPTPROV;
  660                              pszContainer :PWideChar;
  661                              pszProvider  :PWideChar;
  662                              dwProvType   :DWORD;
  663                              dwFlags      :DWORD) :BOOL ;stdcall;
 664
 665
       // Releases a handle from CryptAcquireContext. dwFlags is reserved in
       // the wincrypt docs - pass 0.
  666function CryptReleaseContext(hProv   :HCRYPTPROV;
  667                             dwFlags :DWORD) :BOOL;stdcall;
 668
 669
 670
       // Generates a random key of algorithm Algid (a CALG_*) in the CSP.
       // dwFlags: CRYPT_EXPORTABLE etc. in the low bits, requested key length
       // in bits in the KEY_LENGTH_MASK bits. phKey^ receives the handle;
       // free it with CryptDestroyKey. Omit CRYPT_EXPORTABLE unless the key
       // genuinely has to leave the CSP.
  671function CryptGenKey(hProv   :HCRYPTPROV;
  672                     Algid   :ALG_ID;
  673                     dwFlags :DWORD;
  674                     phKey   :PHCRYPTKEY) :BOOL;stdcall ;
 675
 676
       // Derives a key of algorithm Algid from the hash object hBaseData
       // (which must already have been fed the base material). dwFlags as
       // for CryptGenKey, plus CRYPT_SERVER. phKey^ receives the handle.
       // NOTE(review): this is a single-hash derivation with no iteration
       // count or built-in salt; for password-derived keys it offers little
       // resistance to guessing and should be treated as legacy.
  677function CryptDeriveKey(hProv     :HCRYPTPROV;
  678                        Algid     :ALG_ID;
  679                        hBaseData :HCRYPTHASH;
  680                        dwFlags   :DWORD;
  681                        phKey     :PHCRYPTKEY) :BOOL;stdcall ;
 682
 683
 684
  685function CryptDestroyKey(hKey  :HCRYPTKEY) :BOOL;stdcall ; // releases a key handle from CryptGenKey / CryptDeriveKey / CryptImportKey / CryptGetUserKey
 686
 687
       // Sets key parameter dwParam (a KP_* value) from pbData; the layout
       // of pbData depends on dwParam (e.g. KP_IV: IV bytes, KP_MODE: a
       // DWORD holding a CRYPT_MODE_*, KP_SCHANNEL_ALG: a SCHANNEL_ALG).
       // NOTE(review): the call cannot check the size of pbData - the caller
       // must supply exactly what the chosen KP_* expects.
  688function CryptSetKeyParam(hKey    :HCRYPTKEY;
  689                          dwParam :DWORD;
  690                          pbData  :PBYTE;
  691                          dwFlags :DWORD) :BOOL;stdcall;
 692
 693
       // Reads key parameter dwParam (a KP_* value) into pbData.
       // pdwDataLen^ is in/out: the buffer size on entry, the bytes written
       // on return. As with the other Get* calls here, pbData = nil queries
       // the required size.
  694function CryptGetKeyParam(hKey       :HCRYPTKEY;
  695                          dwParam    :DWORD;
  696                          pbData     :PBYTE;
  697                          pdwDataLen :PDWORD;
  698                          dwFlags    :DWORD) :BOOL;stdcall;
 699
 700
       // Sets hash parameter dwParam (an HP_* value) from pbData; for
       // HP_HMAC_INFO, pbData points at an HMAC_INFO record.
  701function CryptSetHashParam(hHash   :HCRYPTHASH;
  702                           dwParam :DWORD;
  703                           pbData  :PBYTE;
  704                           dwFlags :DWORD) :BOOL;stdcall;
 705
 706
       // Reads hash parameter dwParam (HP_ALGID / HP_HASHVAL / HP_HASHSIZE)
       // into pbData; pdwDataLen^ is in/out as for CryptGetKeyParam. Query
       // HP_HASHSIZE first to size the buffer for HP_HASHVAL. Reading
       // HP_HASHVAL finalizes the hash (per wincrypt docs).
  707function CryptGetHashParam(hHash      :HCRYPTHASH;
  708                           dwParam    :DWORD;
  709                           pbData     :PBYTE;
  710                           pdwDataLen :PDWORD;
  711                           dwFlags    :DWORD) :BOOL;stdcall;
 712
 713
       // Sets provider parameter dwParam (PP_CLIENT_HWND, PP_KEYSET_SEC_DESCR,
       // ...) from pbData. Setting PP_KEYSET_SEC_DESCR changes who may open
       // the key container - an access-control change, not a cosmetic one.
  714function CryptSetProvParam(hProv   :HCRYPTPROV;
  715                           dwParam :DWORD;
  716                           pbData  :PBYTE;
  717                           dwFlags :DWORD) :BOOL;stdcall;
 718
 719
       // Reads provider parameter dwParam (a PP_* value) into pbData;
       // pdwDataLen^ is in/out. For PP_ENUMALGS / PP_ENUMALGS_EX /
       // PP_ENUMCONTAINERS pass dwFlags = CRYPT_FIRST, then CRYPT_NEXT until
       // the call fails.
  720function CryptGetProvParam(hProv      :HCRYPTPROV;
  721                           dwParam    :DWORD;
  722                           pbData     :PBYTE;
  723                           pdwDataLen :PDWORD;
  724                           dwFlags    :DWORD) :BOOL;stdcall;
 725
 726
       // Fills dwLen bytes at pbBuffer from the CSP's random generator.
       // pbBuffer must hold at least dwLen bytes. Check the return value: on
       // FALSE the buffer contents are not usable as randomness.
  727function CryptGenRandom(hProv    :HCRYPTPROV;
  728                        dwLen    :DWORD;
  729                        pbBuffer :PBYTE) :BOOL;stdcall;
 730
 731
       // Retrieves the container's key pair of kind dwKeySpec
       // (AT_KEYEXCHANGE or AT_SIGNATURE); phUserKey^ receives the handle,
       // free it with CryptDestroyKey.
  732function CryptGetUserKey(hProv     :HCRYPTPROV;
  733                         dwKeySpec :DWORD;
  734                         phUserKey :PHCRYPTKEY) :BOOL;stdcall;
 735
 736
       // Exports hKey as a blob of type dwBlobType (SIMPLEBLOB / PUBLICKEYBLOB
       // / PRIVATEKEYBLOB / PLAINTEXTKEYBLOB) into pbData. hExpKey is the key
       // that wraps the exported material (0 for blobs that are not wrapped).
       // pdwDataLen^ is in/out; pbData = nil queries the size.
       // NOTE(review): PRIVATEKEYBLOB and PLAINTEXTKEYBLOB put secret material
       // into process memory - wipe the buffer after use.
  737function CryptExportKey(hKey       :HCRYPTKEY;
  738                        hExpKey    :HCRYPTKEY;
  739                        dwBlobType :DWORD;
  740                        dwFlags    :DWORD;
  741                        pbData     :PBYTE;
  742                        pdwDataLen :PDWORD) :BOOL;stdcall;
 743
 744
       // Imports a key blob (dwDataLen bytes at pbData, starting with a
       // BLOBHEADER). hPubKey is the key that unwraps the blob (0 when the
       // blob is not wrapped). phKey^ receives the handle; free with
       // CryptDestroyKey. NOTE(review): the CSP parses the blob, but the
       // caller decides which sources are trusted - check the header fields
       // before importing data received from outside.
  745function CryptImportKey(hProv     :HCRYPTPROV;
  746                        pbData    :PBYTE;
  747                        dwDataLen :DWORD;
  748                        hPubKey   :HCRYPTKEY;
  749                        dwFlags   :DWORD;
  750                        phKey     :PHCRYPTKEY) :BOOL;stdcall;
 751
 752
       // Encrypts in place. pbData/pdwDataLen^: plaintext and its length on
       // entry, ciphertext and its length on return; dwBufLen is the
       // capacity of pbData. hHash, when non-zero, is also fed the plaintext.
       // Final = True on the last block. NOTE(review): with Final = True a
       // block cipher appends padding, so the ciphertext can exceed the
       // plaintext by up to one block - size dwBufLen for that (or call with
       // pbData = nil to obtain the required size). The separate dwBufLen is
       // what stops the padding from running past the buffer.
  753function CryptEncrypt(hKey       :HCRYPTKEY;
  754                      hHash      :HCRYPTHASH;
  755                      Final      :BOOL;
  756                      dwFlags    :DWORD;
  757                      pbData     :PBYTE;
  758                      pdwDataLen :PDWORD;
  759                      dwBufLen   :DWORD) :BOOL;stdcall;
 760
 761
       // Decrypts in place; pdwDataLen^ holds the ciphertext length on entry
       // and the plaintext length on return. No capacity parameter because
       // the output never exceeds the input. NOTE(review): a FALSE return on
       // the Final block may mean a wrong key or corrupt padding; none of the
       // CRYPT_MODE_* modes authenticate the data, so a successful return
       // does not prove the ciphertext was untampered.
  762function CryptDecrypt(hKey       :HCRYPTKEY;
  763                      hHash      :HCRYPTHASH;
  764                      Final      :BOOL;
  765                      dwFlags    :DWORD;
  766                      pbData     :PBYTE;
  767                      pdwDataLen :PDWORD) :BOOL;stdcall;
 768
 769
       // Creates a hash object for Algid (a CALG_* hash id). hKey is 0 for
       // plain hashes and the key handle for keyed hashes (CALG_MAC,
       // CALG_HMAC). phHash^ receives the handle; free with CryptDestroyHash.
  770function CryptCreateHash(hProv   :HCRYPTPROV;
  771                         Algid   :ALG_ID;
  772                         hKey    :HCRYPTKEY;
  773                         dwFlags :DWORD;
  774                         phHash  :PHCRYPTHASH) :BOOL;stdcall;
 775
 776
       // Feeds dwDataLen bytes at pbData into the hash. 'const' here only
       // says the pointer value is not changed; PBYTE still points at
       // mutable bytes.
  777function CryptHashData(hHash       :HCRYPTHASH;
  778                 const pbData      :PBYTE;
  779                       dwDataLen   :DWORD;
  780                       dwFlags     :DWORD) :BOOL;stdcall;
 781
 782
       // Feeds the key material of hKey into the hash; dwFlags may carry
       // CRYPT_LITTLE_ENDIAN (defined above).
  783function CryptHashSessionKey(hHash   :HCRYPTHASH;
  784                             hKey    :HCRYPTKEY;
  785                             dwFlags :DWORD) :BOOL;stdcall;
 786
 787
  788function CryptDestroyHash(hHash :HCRYPTHASH) :BOOL;stdcall; // releases a hash handle from CryptCreateHash
 789
 790
       // Signs the value of hHash with the container's dwKeySpec key
       // (AT_KEYEXCHANGE / AT_SIGNATURE). pbSignature/pdwSigLen^ follow the
       // usual in/out pattern; pbSignature = nil queries the size.
       // NOTE(review): per wincrypt docs sDescription is no longer used and
       // should be nil; a non-nil value is mixed into the signature and must
       // then be repeated exactly at verification.
       // CryptSignHashU is not a wincrypt.h name; it has the W signature and
       // its binding is in the implementation section, outside this view.
  791function CryptSignHashA(hHash        :HCRYPTHASH;
  792                        dwKeySpec    :DWORD;
  793                        sDescription :PAnsiChar;
  794                        dwFlags      :DWORD;
  795                        pbSignature  :PBYTE;
  796                        pdwSigLen    :PDWORD) :BOOL;stdcall;
  797
  798
  799function CryptSignHash(hHash         :HCRYPTHASH;
  800                        dwKeySpec    :DWORD;
  801                        sDescription :LPAWSTR;
  802                        dwFlags      :DWORD;
  803                        pbSignature  :PBYTE;
  804                        pdwSigLen    :PDWORD) :BOOL;stdcall;
  805
  806function CryptSignHashW(hHash        :HCRYPTHASH;
  807                        dwKeySpec    :DWORD;
  808                        sDescription :PWideChar;
  809                        dwFlags      :DWORD;
  810                        pbSignature  :PBYTE;
  811                        pdwSigLen    :PDWORD) :BOOL;stdcall;
  812
  813function CryptSignHashU(hHash        :HCRYPTHASH;
  814                        dwKeySpec    :DWORD;
  815                        sDescription :PWideChar;
  816                        dwFlags      :DWORD;
  817                        pbSignature  :PBYTE;
  818                        pdwSigLen    :PDWORD) :BOOL;stdcall;
 819
       // Verifies dwSigLen bytes of signature at pbSignature against the
       // value of hHash using public key hPubKey. Returns FALSE when the
       // signature does not verify (or on any other error - distinguish via
       // GetLastError). sDescription must match what was passed at signing
       // time; per wincrypt docs it should be nil.
  820function CryptVerifySignatureA(hHash        :HCRYPTHASH;
  821                         const pbSignature  :PBYTE;
  822                               dwSigLen     :DWORD;
  823                               hPubKey      :HCRYPTKEY;
  824                               sDescription :PAnsiChar;
  825                               dwFlags      :DWORD) :BOOL;stdcall;
  826
  827function CryptVerifySignature(hHash         :HCRYPTHASH;
  828                        const pbSignature  :PBYTE;
  829                              dwSigLen     :DWORD;
  830                              hPubKey      :HCRYPTKEY;
  831                              sDescription :LPAWSTR;
  832                               dwFlags      :DWORD) :BOOL;stdcall;
  833
  834
  835function CryptVerifySignatureW(hHash        :HCRYPTHASH;
  836                         const pbSignature  :PBYTE;
  837                               dwSigLen     :DWORD;
  838                               hPubKey      :HCRYPTKEY;
  839                               sDescription :PWideChar;
  840                               dwFlags      :DWORD) :BOOL;stdcall;
 841
 842
//+-------------------------------------------------------------------------
//  CryptSetProvider family: by its name, makes pszProvName the default CSP
//  for provider type dwProvType. This is a persistent configuration change
//  that affects later context acquisitions that name no provider (per the
//  SDK — confirm), so it should not be called casually from library code.
//  The NT5-only CryptSetProviderEx* variants below add reserved/flags arguments.
//--------------------------------------------------------------------------
function CryptSetProviderA(pszProvName :PAnsiChar;
                           dwProvType  :DWORD) :BOOL;stdcall;

function CryptSetProvider(pszProvName :LPAWSTR;
                           dwProvType :DWORD) :BOOL;stdcall;

function CryptSetProviderW(pszProvName :PWideChar;
                           dwProvType  :DWORD) :BOOL;stdcall;

function CryptSetProviderU(pszProvName :PWideChar;
                           dwProvType  :DWORD) :BOOL;stdcall;
 854
 855{$IFDEF NT5}
 856
// Extended form of CryptSetProvider (NT5 guard, see the enclosing {$IFDEF NT5}).
// pdwReserved is a pointer here, matching the CryptEnum* prototypes below.
// Style note: this family uses LPCSTR/LPCWSTR where the families above use
// PAnsiChar/PWideChar for the same role.
function CryptSetProviderExA(pszProvName :LPCSTR;
                             dwProvType  :DWORD;
                             pdwReserved :PDWORD;
                             dwFlags     :DWORD):BOOL;stdcall;

function CryptSetProviderExW(pszProvName :LPCWSTR;
                             dwProvType  :DWORD;
                             pdwReserved :PDWORD;
                             dwFlags     :DWORD):BOOL;stdcall;

function CryptSetProviderEx(pszProvName :LPAWSTR;
                            dwProvType  :DWORD;
                            pdwReserved :PDWORD;
                            dwFlags     :DWORD):BOOL;stdcall;
 871
 872
// Returns the name of the default CSP for dwProvType into pszProvName;
// pcbProvName is the buffer size on entry and the required/used size on
// return (in/out length, per the SDK — confirm).
// NOTE(review): pdwReserved is declared as a plain DWORD in all three
// prototypes here, whereas every sibling prototype in this section declares
// it as PDWORD, and the name itself denotes a pointer. On 32-bit Windows the
// two are the same size on the stack, so callers passing 0 work by accident;
// verify the type against the SDK header before reusing this on any other
// target.
function CryptGetDefaultProviderA(dwProvType  :DWORD;
                                  pdwReserved :DWORD;
                                  dwFlags     :DWORD;
                                  pszProvName :LPSTR;
                                  pcbProvName :PDWORD):BOOL ; stdcall;

function CryptGetDefaultProviderW(dwProvType  :DWORD;
                                  pdwReserved :DWORD;
                                  dwFlags     :DWORD;
                                  pszProvName :LPWSTR;
                                  pcbProvName :PDWORD):BOOL ; stdcall;

function CryptGetDefaultProvider(dwProvType  :DWORD;
                                 pdwReserved :DWORD;
                                 dwFlags     :DWORD;
                                 pszProvName :LPAWSTR;
                                 pcbProvName :PDWORD):BOOL ; stdcall;
 890
//+-------------------------------------------------------------------------
//  Enumeration of installed provider types / providers, indexed by dwIndex.
//  pszTypeName / pszProvName are caller buffers whose size is passed in
//  *pcbTypeName / *pcbProvName and updated on return (in/out length, per the
//  SDK — confirm). Size the buffer from the returned length, never from a
//  fixed guess; truncation is a classic source of wrong provider selection.
//--------------------------------------------------------------------------
function CryptEnumProviderTypesA(dwIndex     :DWORD;
                                 pdwReserved :PDWORD;
                                 dwFlags     :DWORD;
                                 pdwProvType :PDWORD;
                                 pszTypeName :LPSTR;
                                 pcbTypeName :PDWORD):BOOL ; stdcall;

function CryptEnumProviderTypesW(dwIndex     :DWORD;
                                 pdwReserved :PDWORD;
                                 dwFlags     :DWORD;
                                 pdwProvType :PDWORD;
                                 pszTypeName :LPWSTR;
                                 pcbTypeName :PDWORD):BOOL ; stdcall;

function CryptEnumProviderTypes(dwIndex     :DWORD;
                                pdwReserved :PDWORD;
                                dwFlags     :DWORD;
                                pdwProvType :PDWORD;
                                pszTypeName :LPAWSTR;
                                pcbTypeName :PDWORD):BOOL ; stdcall;

function CryptEnumProvidersA(dwIndex     :DWORD;
                             pdwReserved :PDWORD;
                             dwFlags     :DWORD;
                             pdwProvType :PDWORD;
                             pszProvName :LPSTR;
                             pcbProvName :PDWORD):BOOL ; stdcall;

function CryptEnumProvidersW(dwIndex     :DWORD;
                             pdwReserved :PDWORD;
                             dwFlags     :DWORD;
                             pdwProvType :PDWORD;
                             pszProvName :LPWSTR;
                             pcbProvName :PDWORD):BOOL ; stdcall;

function CryptEnumProviders(dwIndex      :DWORD;
                             pdwReserved :PDWORD;
                             dwFlags     :DWORD;
                             pdwProvType :PDWORD;
                             pszProvName :LPAWSTR;
                             pcbProvName :PDWORD):BOOL ; stdcall;
 932
// Handle lifetime helpers (NT5 guard).
// CryptContextAddRef: by its name, bumps the reference count of hProv; each
// call presumably needs one more matching release (per the SDK — confirm),
// otherwise the provider context leaks.
// CryptDuplicateKey / CryptDuplicateHash: return an independent handle in
// *phKey / *phHash that the caller must destroy separately from the original.
function CryptContextAddRef(hProv       :HCRYPTPROV;
                            pdwReserved :PDWORD;
                            dwFlags     :DWORD):BOOL ; stdcall;

function CryptDuplicateKey(hKey        :HCRYPTKEY;
                           pdwReserved :PDWORD;
                           dwFlags     :DWORD;
                           phKey       :PHCRYPTKEY):BOOL ; stdcall;

function CryptDuplicateHash(hHash       :HCRYPTHASH;
                            pdwReserved :PDWORD;
                            dwFlags     :DWORD;
                            phHash      :PHCRYPTHASH):BOOL ; stdcall;
 946
 947{$ENDIF NT5}
 948
// NOTE(review): this U variant is declared unconditionally, while the A/W/
// generic CryptEnumProviders prototypes it shadows sit inside the {$IFDEF NT5}
// block above; it therefore stays visible in builds where the entry point it
// binds to may not exist — confirm how the implementation section resolves it.
function CryptEnumProvidersU(dwIndex     :DWORD;
                             pdwReserved :PDWORD;
                             dwFlags     :DWORD;
                             pdwProvType :PDWORD;
                             pszProvName :LPWSTR;
                             pcbProvName :PDWORD):BOOL ; stdcall;
 955
 956//+-------------------------------------------------------------------------
 957//  CRYPTOAPI BLOB definitions
 958//--------------------------------------------------------------------------
 959
type
  PCRYPTOAPI_BLOB = ^CRYPTOAPI_BLOB;
  // Generic counted byte buffer: pbData must point at least cbData bytes.
  // Who owns/frees pbData is decided by the API that fills the blob; nothing in
  // the record itself says. cbData is always a byte count, even for the typed
  // aliases below (see the CERT_RDN notes further down).
  CRYPTOAPI_BLOB = record
    cbData :DWORD;
    pbData :PBYTE;
  end;
 966
// Role-specific names for CRYPTOAPI_BLOB. These are plain type synonyms
// (`X = Y`, not distinct types), so the compiler will accept, say, a
// CERT_NAME_BLOB where a CRYPT_HASH_BLOB is expected — the names document
// intent only and give no type safety.
type
  CRYPT_INTEGER_BLOB            = CRYPTOAPI_BLOB;
  PCRYPT_INTEGER_BLOB           = ^CRYPT_INTEGER_BLOB;
  CRYPT_UINT_BLOB               = CRYPTOAPI_BLOB;
  PCRYPT_UINT_BLOB              = ^CRYPT_UINT_BLOB;
  CRYPT_OBJID_BLOB              = CRYPTOAPI_BLOB;
  PCRYPT_OBJID_BLOB             = ^CRYPT_OBJID_BLOB;
  CERT_NAME_BLOB                = CRYPTOAPI_BLOB;
  PCERT_NAME_BLOB               = ^CERT_NAME_BLOB;
  CERT_RDN_VALUE_BLOB           = CRYPTOAPI_BLOB;
  PCERT_RDN_VALUE_BLOB          = ^CERT_RDN_VALUE_BLOB;
  CERT_BLOB                     = CRYPTOAPI_BLOB;
  PCERT_BLOB                    = ^CERT_BLOB;
  CRL_BLOB                      = CRYPTOAPI_BLOB;
  PCRL_BLOB                     = ^CRL_BLOB;
  DATA_BLOB                     = CRYPTOAPI_BLOB;
  PDATA_BLOB                    = ^DATA_BLOB;     // JEFFJEFF temporary (too generic)
  CRYPT_DATA_BLOB               = CRYPTOAPI_BLOB;
  PCRYPT_DATA_BLOB              = ^CRYPT_DATA_BLOB;
  CRYPT_HASH_BLOB               = CRYPTOAPI_BLOB;
  PCRYPT_HASH_BLOB              = ^CRYPT_HASH_BLOB;
  CRYPT_DIGEST_BLOB             = CRYPTOAPI_BLOB;
  PCRYPT_DIGEST_BLOB            = ^CRYPT_DIGEST_BLOB;
  CRYPT_DER_BLOB                = CRYPTOAPI_BLOB;
  PCRYPT_DER_BLOB               = ^CRYPT_DER_BLOB;
  CRYPT_ATTR_BLOB               = CRYPTOAPI_BLOB;
  PCRYPT_ATTR_BLOB              = ^CRYPT_ATTR_BLOB;
 994
 995//+-------------------------------------------------------------------------
 996//  In a CRYPT_BIT_BLOB the last byte may contain 0-7 unused bits. Therefore, the
 997//  overall bit length is cbData * 8 - cUnusedBits.
 998//--------------------------------------------------------------------------
 999
type
  PCRYPT_BIT_BLOB = ^CRYPT_BIT_BLOB;
  // Bit string: cbData bytes at pbData, of which the last cUnusedBits (0..7)
  // bits of the final byte are padding; bit length = cbData * 8 - cUnusedBits.
  // A decoder should reject cUnusedBits > 7, or > 0 when cbData = 0.
  CRYPT_BIT_BLOB = record
    cbData      :DWORD;
    pbData      :PBYTE;
    cUnusedBits :DWORD;
  end;
1007
1008//+-------------------------------------------------------------------------
1009//  Type used for any algorithm
1010//
1011//  Where the Parameters CRYPT_OBJID_BLOB is in its encoded representation. For most
1012//  algorithm types, the Parameters CRYPT_OBJID_BLOB is NULL (Parameters.cbData = 0).
1013//--------------------------------------------------------------------------
1014
type
  PCRYPT_ALGORITHM_IDENTIFIER = ^CRYPT_ALGORITHM_IDENTIFIER;
  // pszObjId: dotted-decimal OID string (see the szOID_* constants below).
  // Parameters: still DER-encoded; cbData = 0 for most algorithms.
  // Match pszObjId by exact string comparison; do not infer the algorithm
  // from a prefix.
  CRYPT_ALGORITHM_IDENTIFIER = record
    pszObjId   :LPSTR;
    Parameters :CRYPT_OBJID_BLOB;
  end;
1021
1022// Following are the definitions of various algorithm object identifiers
1023// RSA
//+-------------------------------------------------------------------------
//  Algorithm / content-type object identifiers (dotted-decimal strings).
//  NOTE(review): several of these name primitives that are no longer
//  considered secure — MD2/MD4/MD5 (both the bare hash and the *RSA
//  signature forms), RC2, RC4, single DES, and their 1.3.14.3.2.* OIW
//  equivalents. A verifier that consumes CERT_INFO.SignatureAlgorithm should
//  reject those OIDs rather than merely recognise them; they remain declared
//  here so legacy data can still be decoded and reported.
//--------------------------------------------------------------------------
const 
  szOID_RSA         = '1.2.840.113549';
  szOID_PKCS        = '1.2.840.113549.1';
  szOID_RSA_HASH    = '1.2.840.113549.2';
  szOID_RSA_ENCRYPT = '1.2.840.113549.3';

  szOID_PKCS_1      = '1.2.840.113549.1.1';
  szOID_PKCS_2      = '1.2.840.113549.1.2';
  szOID_PKCS_3      = '1.2.840.113549.1.3';
  szOID_PKCS_4      = '1.2.840.113549.1.4';
  szOID_PKCS_5      = '1.2.840.113549.1.5';
  szOID_PKCS_6      = '1.2.840.113549.1.6';
  szOID_PKCS_7      = '1.2.840.113549.1.7';
  szOID_PKCS_8      = '1.2.840.113549.1.8';
  szOID_PKCS_9      = '1.2.840.113549.1.9';
  szOID_PKCS_10     = '1.2.840.113549.1.10';

// PKCS #1 signature / key OIDs. Only szOID_RSA_SHA1RSA and the bare RSA key
// OID are still broadly acceptable; the MD2/MD4/MD5 forms are legacy.
  szOID_RSA_RSA     = '1.2.840.113549.1.1.1';
  szOID_RSA_MD2RSA  = '1.2.840.113549.1.1.2';
  szOID_RSA_MD4RSA  = '1.2.840.113549.1.1.3';
  szOID_RSA_MD5RSA  = '1.2.840.113549.1.1.4';
  szOID_RSA_SHA1RSA = '1.2.840.113549.1.1.5';
  szOID_RSA_SETOAEP_RSA  = '1.2.840.113549.1.1.6';
  
// PKCS #7 content types. digestedData and hashedData deliberately share an OID.
  szOID_RSA_data             = '1.2.840.113549.1.7.1';
  szOID_RSA_signedData       = '1.2.840.113549.1.7.2';
  szOID_RSA_envelopedData    = '1.2.840.113549.1.7.3';
  szOID_RSA_signEnvData      = '1.2.840.113549.1.7.4';
  szOID_RSA_digestedData     = '1.2.840.113549.1.7.5';
  szOID_RSA_hashedData       = '1.2.840.113549.1.7.5';
  szOID_RSA_encryptedData    = '1.2.840.113549.1.7.6';

// PKCS #9 attribute types.
  szOID_RSA_emailAddr           = '1.2.840.113549.1.9.1';
  szOID_RSA_unstructName        = '1.2.840.113549.1.9.2';
  szOID_RSA_contentType         = '1.2.840.113549.1.9.3';
  szOID_RSA_messageDigest       = '1.2.840.113549.1.9.4';
  szOID_RSA_signingTime         = '1.2.840.113549.1.9.5';
  szOID_RSA_counterSign         = '1.2.840.113549.1.9.6';
  szOID_RSA_challengePwd        = '1.2.840.113549.1.9.7';
  szOID_RSA_unstructAddr        = '1.2.840.113549.1.9.8';
  szOID_RSA_extCertAttrs        = '1.2.840.113549.1.9.9';
  szOID_RSA_SMIMECapabilities   = '1.2.840.113549.1.9.15';
  szOID_RSA_preferSignedData    = '1.2.840.113549.1.9.15.1';

// Bare digest algorithms (all legacy).
  szOID_RSA_MD2 = '1.2.840.113549.2.2';
  szOID_RSA_MD4 = '1.2.840.113549.2.4';
  szOID_RSA_MD5 = '1.2.840.113549.2.5';

// Symmetric ciphers (RC2, RC4 legacy; DES_EDE3_CBC is triple DES).
  szOID_RSA_RC2CBC        = '1.2.840.113549.3.2';
  szOID_RSA_RC4           = '1.2.840.113549.3.4';
  szOID_RSA_DES_EDE3_CBC  = '1.2.840.113549.3.7';
  szOID_RSA_RC5_CBCPad    = '1.2.840.113549.3.9';

// ITU-T UsefulDefinitions
  szOID_DS          = '2.5';
  szOID_DSALG       = '2.5.8';
  szOID_DSALG_CRPT  = '2.5.8.1';
  szOID_DSALG_HASH  = '2.5.8.2';
  szOID_DSALG_SIGN  = '2.5.8.3';
  szOID_DSALG_RSA   = '2.5.8.1.1';

// NIST OSE Implementors' Workshop (OIW)
// http://nemo.ncsl.nist.gov/oiw/agreements/stable/OSI/12s_9506.w51
// http://nemo.ncsl.nist.gov/oiw/agreements/working/OSI/12w_9503.w51
  szOID_OIW            = '1.3.14';
// NIST OSE Implementors' Workshop (OIW) Security SIG algorithm identifiers
  szOID_OIWSEC         = '1.3.14.3.2';
  szOID_OIWSEC_md4RSA  = '1.3.14.3.2.2';
  szOID_OIWSEC_md5RSA  = '1.3.14.3.2.3';
  szOID_OIWSEC_md4RSA2 = '1.3.14.3.2.4';
  szOID_OIWSEC_desECB  = '1.3.14.3.2.6';
  szOID_OIWSEC_desCBC  = '1.3.14.3.2.7';
  szOID_OIWSEC_desOFB  = '1.3.14.3.2.8';
  szOID_OIWSEC_desCFB  = '1.3.14.3.2.9';
  szOID_OIWSEC_desMAC  = '1.3.14.3.2.10';
  szOID_OIWSEC_rsaSign = '1.3.14.3.2.11';
  szOID_OIWSEC_dsa     = '1.3.14.3.2.12';
  szOID_OIWSEC_shaDSA  = '1.3.14.3.2.13';
  szOID_OIWSEC_mdc2RSA = '1.3.14.3.2.14';
  szOID_OIWSEC_shaRSA  = '1.3.14.3.2.15';
  szOID_OIWSEC_dhCommMod = '1.3.14.3.2.16';
  szOID_OIWSEC_desEDE    = '1.3.14.3.2.17';
  szOID_OIWSEC_sha       = '1.3.14.3.2.18';
  szOID_OIWSEC_mdc2      = '1.3.14.3.2.19';
  szOID_OIWSEC_dsaComm   = '1.3.14.3.2.20';
  szOID_OIWSEC_dsaCommSHA  = '1.3.14.3.2.21';
  szOID_OIWSEC_rsaXchg     = '1.3.14.3.2.22';
  szOID_OIWSEC_keyHashSeal = '1.3.14.3.2.23';
  szOID_OIWSEC_md2RSASign  = '1.3.14.3.2.24';
  szOID_OIWSEC_md5RSASign  = '1.3.14.3.2.25';
  szOID_OIWSEC_sha1        = '1.3.14.3.2.26';
  szOID_OIWSEC_dsaSHA1     = '1.3.14.3.2.27';
  szOID_OIWSEC_dsaCommSHA1 =  '1.3.14.3.2.28';
  szOID_OIWSEC_sha1RSASign =  '1.3.14.3.2.29';
// NIST OSE Implementors' Workshop (OIW) Directory SIG algorithm identifiers
  szOID_OIWDIR             = '1.3.14.7.2';
  szOID_OIWDIR_CRPT        = '1.3.14.7.2.1';
  szOID_OIWDIR_HASH        = '1.3.14.7.2.2';
  szOID_OIWDIR_SIGN        = '1.3.14.7.2.3';
  szOID_OIWDIR_md2         = '1.3.14.7.2.2.1';
  szOID_OIWDIR_md2RSA      = '1.3.14.7.2.3.1';


// INFOSEC Algorithms
// joint-iso-ccitt(2) country(16) us(840) organization(1) us-government(101) dod(2) id-infosec(1)
  szOID_INFOSEC                       = '2.16.840.1.101.2.1';
  szOID_INFOSEC_sdnsSignature         = '2.16.840.1.101.2.1.1.1';
  szOID_INFOSEC_mosaicSignature       = '2.16.840.1.101.2.1.1.2';
  szOID_INFOSEC_sdnsConfidentiality   = '2.16.840.1.101.2.1.1.3';
  szOID_INFOSEC_mosaicConfidentiality = '2.16.840.1.101.2.1.1.4';
  szOID_INFOSEC_sdnsIntegrity         = '2.16.840.1.101.2.1.1.5';
  szOID_INFOSEC_mosaicIntegrity       = '2.16.840.1.101.2.1.1.6';
  szOID_INFOSEC_sdnsTokenProtection   = '2.16.840.1.101.2.1.1.7';
  szOID_INFOSEC_mosaicTokenProtection = '2.16.840.1.101.2.1.1.8';
  szOID_INFOSEC_sdnsKeyManagement     = '2.16.840.1.101.2.1.1.9';
  szOID_INFOSEC_mosaicKeyManagement   = '2.16.840.1.101.2.1.1.10';
  szOID_INFOSEC_sdnsKMandSig          = '2.16.840.1.101.2.1.1.11';
  szOID_INFOSEC_mosaicKMandSig        = '2.16.840.1.101.2.1.1.12';
  szOID_INFOSEC_SuiteASignature       = '2.16.840.1.101.2.1.1.13';
  szOID_INFOSEC_SuiteAConfidentiality = '2.16.840.1.101.2.1.1.14';
  szOID_INFOSEC_SuiteAIntegrity       = '2.16.840.1.101.2.1.1.15';
  szOID_INFOSEC_SuiteATokenProtection = '2.16.840.1.101.2.1.1.16';
  szOID_INFOSEC_SuiteAKeyManagement   = '2.16.840.1.101.2.1.1.17';
  szOID_INFOSEC_SuiteAKMandSig        = '2.16.840.1.101.2.1.1.18';
  szOID_INFOSEC_mosaicUpdatedSig      = '2.16.840.1.101.2.1.1.19';
  szOID_INFOSEC_mosaicKMandUpdSig     = '2.16.840.1.101.2.1.1.20';
  szOID_INFOSEC_mosaicUpdatedInteg    = '2.16.840.1.101.2.1.1.21';
1151
type
  PCRYPT_OBJID_TABLE = ^CRYPT_OBJID_TABLE;
  // One row of an ALG_ID <-> OID-string mapping table; how the table is
  // terminated or sized is not defined here.
  CRYPT_OBJID_TABLE = record
    dwAlgId  :DWORD;
    pszObjId :LPCSTR;
  end;
1158
1159//+-------------------------------------------------------------------------
1160//  PKCS #1 HashInfo (DigestInfo)
1161//--------------------------------------------------------------------------
1162
type
  PCRYPT_HASH_INFO = ^CRYPT_HASH_INFO;
  // PKCS #1 DigestInfo: the digest algorithm plus the raw digest bytes.
  // A consumer should check Hash.cbData against the length implied by
  // HashAlgorithm before comparing digests.
  CRYPT_HASH_INFO = record
    HashAlgorithm :CRYPT_ALGORITHM_IDENTIFIER;
    Hash :CRYPT_HASH_BLOB;
  end;
1169
1170//+-------------------------------------------------------------------------
1171//  Type used for an extension to an encoded content
1172//
1173//  Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
1174//--------------------------------------------------------------------------
1175
type
  PCERT_EXTENSION = ^CERT_EXTENSION;
  // One X.509 extension; Value is still DER-encoded.
  // NOTE(review): under X.509/RFC 5280 a validator that does not understand
  // an extension with fCritical = True must reject the certificate. Code
  // that walks rgExtension arrays in this unit's records should honour that
  // rather than skipping unknown OIDs silently — confirm against the profile
  // in use.
  CERT_EXTENSION = record
    pszObjId :LPSTR;
    fCritical :BOOL;
    Value :CRYPT_OBJID_BLOB;
  end;
1183
1184//+-------------------------------------------------------------------------
1185//  AttributeTypeValue
1186//
1187//  Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
1188//--------------------------------------------------------------------------
1189
type
  PCRYPT_ATTRIBUTE_TYPE_VALUE =^CRYPT_ATTRIBUTE_TYPE_VALUE;
  // Single OID/value pair; Value is still DER-encoded.
  CRYPT_ATTRIBUTE_TYPE_VALUE = record
    pszObjId :LPSTR;
    Value :CRYPT_OBJID_BLOB;
  end;
1196
1197//+-------------------------------------------------------------------------
1198//  Attributes
1199//
1200//  Where the Value's PATTR_BLOBs are in their encoded representation.
1201//--------------------------------------------------------------------------
1202
type
  PCRYPT_ATTRIBUTE = ^CRYPT_ATTRIBUTE;
  // One attribute with cValue encoded values at rgValue[0..cValue-1].
  // rgValue is a raw pointer: cValue is the only bound, so a consumer must
  // trust it only as far as the decoder that produced the record.
  CRYPT_ATTRIBUTE = record
     pszObjId :LPSTR;
     cValue :DWORD;
     rgValue :PCRYPT_ATTR_BLOB;
  end;

type
  PCRYPT_ATTRIBUTES =^CRYPT_ATTRIBUTES;
  // Counted array of CRYPT_ATTRIBUTE: rgAttr[0..cAttr-1].
  CRYPT_ATTRIBUTES = record
    cAttr  :DWORD; {IN}
    rgAttr :PCRYPT_ATTRIBUTE; {IN}
  end;
1217
1218//+-------------------------------------------------------------------------
1219//  Attributes making up a Relative Distinguished Name (CERT_RDN)
1220//
1221//  The interpretation of the Value depends on the dwValueType.
1222//  See below for a list of the types.
1223//--------------------------------------------------------------------------
1224
type
  PCERT_RDN_ATTR = ^CERT_RDN_ATTR;
  // One attribute of a Relative Distinguished Name.
  // dwValueType is one of the CERT_RDN_* constants below and decides how
  // Value is to be read; Value.cbData is a byte count in every case.
  CERT_RDN_ATTR = record
    pszObjId :LPSTR;
    dwValueType :DWORD;
    Value :CERT_RDN_VALUE_BLOB;
  end;
1232
1233//+-------------------------------------------------------------------------
1234//  CERT_RDN attribute Object Identifiers
1235//--------------------------------------------------------------------------
1236// Labeling attribute types:
// NOTE(review): szOID_COMMON_NAME is the attribute older code matches host
// names against; current practice checks the subjectAltName extension first
// and falls back to CN only when no SAN is present — confirm against the
// validation profile in use. szOID_USER_PASSWORD names a directory attribute
// whose decoded value is sensitive and should not be copied into logs.
const 
  szOID_COMMON_NAME          = '2.5.4.3';  // case-ignore string
  szOID_SUR_NAME             = '2.5.4.4';  // case-ignore string
  szOID_DEVICE_SERIAL_NUMBER = '2.5.4.5';  // printable string

// Geographic attribute types:
  szOID_COUNTRY_NAME            = '2.5.4.6';  // printable 2char string
  szOID_LOCALITY_NAME           = '2.5.4.7';  // case-ignore string
  szOID_STATE_OR_PROVINCE_NAME  = '2.5.4.8';  // case-ignore string
  szOID_STREET_ADDRESS          = '2.5.4.9';  // case-ignore string

// Organizational attribute types:
  szOID_ORGANIZATION_NAME          = '2.5.4.10';// case-ignore string
  szOID_ORGANIZATIONAL_UNIT_NAME   = '2.5.4.11'; // case-ignore string
  szOID_TITLE                      = '2.5.4.12'; // case-ignore string

// Explanatory attribute types:
  szOID_DESCRIPTION          = '2.5.4.13'; // case-ignore string
  szOID_SEARCH_GUIDE         = '2.5.4.14';
  szOID_BUSINESS_CATEGORY    = '2.5.4.15'; // case-ignore string

// Postal addressing attribute types:
  szOID_POSTAL_ADDRESS       = '2.5.4.16';
  szOID_POSTAL_CODE          = '2.5.4.17'; // case-ignore string
  szOID_POST_OFFICE_BOX      = '2.5.4.18'; // case-ignore string
  szOID_PHYSICAL_DELIVERY_OFFICE_NAME = '2.5.4.19'; // case-ignore string

// Telecommunications addressing attribute types:
  szOID_TELEPHONE_NUMBER              = '2.5.4.20'; // telephone number
  szOID_TELEX_NUMBER                  = '2.5.4.21';
  szOID_TELETEXT_TERMINAL_IDENTIFIER  = '2.5.4.22';
  szOID_FACSIMILE_TELEPHONE_NUMBER    = '2.5.4.23';
  szOID_X21_ADDRESS                   = '2.5.4.24'; // numeric string
  szOID_INTERNATIONAL_ISDN_NUMBER     = '2.5.4.25'; // numeric string
  szOID_REGISTERED_ADDRESS            = '2.5.4.26';
  szOID_DESTINATION_INDICATOR         = '2.5.4.27'; // printable string

// Preference attribute types:
  szOID_PREFERRED_DELIVERY_METHOD     = '2.5.4.28';

// OSI application attribute types:
  szOID_PRESENTATION_ADDRESS          = '2.5.4.29';
  szOID_SUPPORTED_APPLICATION_CONTEXT = '2.5.4.30';

// Relational application attribute types:
  szOID_MEMBER                        = '2.5.4.31';
  szOID_OWNER                         = '2.5.4.32';
  szOID_ROLE_OCCUPANT                 = '2.5.4.33';
  szOID_SEE_ALSO                      = '2.5.4.34';

// Security attribute types:
  szOID_USER_PASSWORD                 = '2.5.4.35';
  szOID_USER_CERTIFICATE              = '2.5.4.36';
  szOID_CA_CERTIFICATE                = '2.5.4.37';
  szOID_AUTHORITY_REVOCATION_LIST     = '2.5.4.38';
  szOID_CERTIFICATE_REVOCATION_LIST   = '2.5.4.39';
  szOID_CROSS_CERTIFICATE_PAIR        = '2.5.4.40';

// Undocumented attribute types???
//#define szOID_???                         '2.5.4.41'
  szOID_GIVEN_NAME                    = '2.5.4.42'; // case-ignore string
  szOID_INITIALS                      = '2.5.4.43'; // case-ignore string

// Pilot user attribute types:
  szOID_DOMAIN_COMPONENT      = '0.9.2342.19200300.100.1.25'; // IA5 string
1302
1303//+-------------------------------------------------------------------------
1304//  CERT_RDN Attribute Value Types
1305//
1306//  For RDN_ENCODED_BLOB, the Value's CERT_RDN_VALUE_BLOB is in its encoded
//  representation. Otherwise, it is an array of bytes.
1308//
1309//  For all CERT_RDN types, Value.cbData is always the number of bytes, not
1310//  necessarily the number of elements in the string. For instance,
1311//  RDN_UNIVERSAL_STRING is an array of ints (cbData == intCnt * 4) and
1312//  RDN_BMP_STRING is an array of unsigned shorts (cbData == ushortCnt * 2).
1313//
1314//  For CertDecodeName, two 0 bytes are always appended to the end of the
1315//  string (ensures a CHAR or WCHAR string is null terminated).
//  These added 0 bytes aren't included in the BLOB.cbData.
1317//--------------------------------------------------------------------------
1318
// CERT_RDN_ATTR.dwValueType values. Several names share one value and are
// aliases (TELETEX/T61 = 5, VISIBLE/ISO646 = 9, UNIVERSAL/INT4 = 11,
// BMP/UNICODE = 12); a switch on dwValueType must not list both of a pair.
// For CERT_RDN_ENCODED_BLOB the value is still DER; for the string types the
// element width varies (UNIVERSAL = 4 bytes, BMP = 2, others = 1) while
// cbData always counts bytes.
const 
  CERT_RDN_ANY_TYPE             = 0;
  CERT_RDN_ENCODED_BLOB         = 1;
  CERT_RDN_OCTET_STRING         = 2;
  CERT_RDN_NUMERIC_STRING       = 3;
  CERT_RDN_PRINTABLE_STRING     = 4;
  CERT_RDN_TELETEX_STRING       = 5;
  CERT_RDN_T61_STRING           = 5;
  CERT_RDN_VIDEOTEX_STRING      = 6;
  CERT_RDN_IA5_STRING           = 7;
  CERT_RDN_GRAPHIC_STRING       = 8;
  CERT_RDN_VISIBLE_STRING       = 9;
  CERT_RDN_ISO646_STRING        = 9;
  CERT_RDN_GENERAL_STRING       = 10;
  CERT_RDN_UNIVERSAL_STRING     = 11;
  CERT_RDN_INT4_STRING          = 11;
  CERT_RDN_BMP_STRING           = 12;
  CERT_RDN_UNICODE_STRING       = 12;
1337
1338
// Macro to check that the dwValueType is a character string and not an
// encoded blob or octet string
// Declared as an ordinary function in this unit (the C original is a
// preprocessor macro); its body is in the implementation section, outside
// this view, so check there that it treats the masked value the same way
// the SDK macro does.
function IS_CERT_RDN_CHAR_STRING(X :DWORD) :BOOL;
1342
1343//+-------------------------------------------------------------------------
1344//  A CERT_RDN consists of an array of the above attributes
1345//--------------------------------------------------------------------------
1346
type
  PCERT_RDN = ^CERT_RDN;
  // Counted array of CERT_RDN_ATTR: rgRDNAttr[0..cRDNAttr-1].
  CERT_RDN = record
    cRDNAttr :DWORD;
    rgRDNAttr :PCERT_RDN_ATTR;
  end;
1353
1354//+-------------------------------------------------------------------------
1355//  Information stored in a subject's or issuer's name. The information
1356//  is represented as an array of the above RDNs.
1357//--------------------------------------------------------------------------
1358
type
  PCERT_NAME_INFO = ^CERT_NAME_INFO;
  // Decoded distinguished name: rgRDN[0..cRDN-1].
  // Two names are only equal when every RDN and attribute matches; comparing
  // a single attribute such as CN is not a name comparison.
  CERT_NAME_INFO = record
    cRDN :DWORD;
    rgRDN :PCERT_RDN;
  end;
1365
1366//+-------------------------------------------------------------------------
1367//  Name attribute value without the Object Identifier
1368//
1369//  The interpretation of the Value depends on the dwValueType.
1370//  See above for a list of the types.
1371//--------------------------------------------------------------------------
1372
type
  PCERT_NAME_VALUE = ^CERT_NAME_VALUE;
  // CERT_RDN_ATTR without the OID; dwValueType uses the CERT_RDN_* constants.
  CERT_NAME_VALUE = record
    dwValueType :DWORD;
    Value :CERT_RDN_VALUE_BLOB;
  end;
1379
1380//+-------------------------------------------------------------------------
1381//  Public Key Info
1382//
1383//  The PublicKey is the encoded representation of the information as it is
1384//  stored in the bit string
1385//--------------------------------------------------------------------------
1386
type
  PCERT_PUBLIC_KEY_INFO = ^CERT_PUBLIC_KEY_INFO;
  // SubjectPublicKeyInfo: algorithm OID plus the still-encoded key bit string.
  // Algorithm.pszObjId, not the key's length, says how PublicKey is to be
  // interpreted.
  CERT_PUBLIC_KEY_INFO = record
    Algorithm :CRYPT_ALGORITHM_IDENTIFIER;
    PublicKey :CRYPT_BIT_BLOB;
  end;

// Default public-key OIDs; all three resolve to szOID_RSA_RSA.
const 
  CERT_RSA_PUBLIC_KEY_OBJID        = szOID_RSA_RSA;
  CERT_DEFAULT_OID_PUBLIC_KEY_SIGN = szOID_RSA_RSA;
  CERT_DEFAULT_OID_PUBLIC_KEY_XCHG = szOID_RSA_RSA;
1398
1399//+-------------------------------------------------------------------------
1400//  Information stored in a certificate
1401//
1402//  The Issuer, Subject, Algorithm, PublicKey and Extension BLOBs are the
1403//  encoded representation of the information.
1404//--------------------------------------------------------------------------
1405
type
  PCERT_INFO = ^CERT_INFO;
  // Decoded TBSCertificate. Notes for consumers:
  //  - SerialNumber is a byte array (CRYPT_INTEGER_BLOB), not a machine
  //    integer; compare serials bytewise, since a DER serial may be longer
  //    than 64 bits.
  //  - NotBefore/NotAfter bound the validity period; a validator must check
  //    the evaluation time against both (per X.509 — confirm the time base
  //    the decoder uses for TFILETIME).
  //  - SignatureAlgorithm here is the inner copy; the outer copy in
  //    CERT_SIGNED_CONTENT_INFO should match it.
  //  - rgExtension[0..cExtension-1]: see the fCritical note on CERT_EXTENSION.
  CERT_INFO = record
    dwVersion              :DWORD;
    SerialNumber           :CRYPT_INTEGER_BLOB;
    SignatureAlgorithm     :CRYPT_ALGORITHM_IDENTIFIER;
    Issuer                 :CERT_NAME_BLOB;
    NotBefore              :TFILETIME;
    NotAfter               :TFILETIME;
    Subject                :CERT_NAME_BLOB;
    SubjectPublicKeyInfo   :CERT_PUBLIC_KEY_INFO;
    IssuerUniqueId         :CRYPT_BIT_BLOB;
    SubjectUniqueId        :CRYPT_BIT_BLOB;
    cExtension             :DWORD;
    rgExtension            :PCERT_EXTENSION;
  end;
1422
1423//+-------------------------------------------------------------------------
1424//  Certificate versions
1425//--------------------------------------------------------------------------
// CERT_INFO.dwVersion values: the encoded integer is the X.509 version
// minus one (v1 = 0, v2 = 1, v3 = 2), so compare against these names rather
// than against the literal version number.
const 
  CERT_V1 = 0;
  CERT_V2 = 1;
  CERT_V3 = 2;

//+-------------------------------------------------------------------------
//  Certificate Information Flags
//--------------------------------------------------------------------------
// Despite the _FLAG suffix these are consecutive field indices (1..11), one
// per CERT_INFO member in declaration order — not bit masks. Do not OR them
// together.

  CERT_INFO_VERSION_FLAG                 = 1;
  CERT_INFO_SERIAL_NUMBER_FLAG           = 2;
  CERT_INFO_SIGNATURE_ALGORITHM_FLAG     = 3;
  CERT_INFO_ISSUER_FLAG                  = 4;
  CERT_INFO_NOT_BEFORE_FLAG              = 5;
  CERT_INFO_NOT_AFTER_FLAG               = 6;
  CERT_INFO_SUBJECT_FLAG                 = 7;
  CERT_INFO_SUBJECT_PUBLIC_KEY_INFO_FLAG = 8;
  CERT_INFO_ISSUER_UNIQUE_ID_FLAG        = 9;
  CERT_INFO_SUBJECT_UNIQUE_ID_FLAG       = 10;
  CERT_INFO_EXTENSION_FLAG               = 11;
1446
1447//+-------------------------------------------------------------------------
1448//  An entry in a CRL
1449//
1450//  The Extension BLOBs are the encoded representation of the information.
1451//--------------------------------------------------------------------------
1452
type
  PCRL_ENTRY = ^CRL_ENTRY;
  // One revoked certificate: matched against CERT_INFO.SerialNumber by
  // bytewise comparison of the blob (see the CERT_INFO notes).
  CRL_ENTRY = record
    SerialNumber :CRYPT_INTEGER_BLOB;
    RevocationDate :TFILETIME;
    cExtension :DWORD;
    rgExtension :PCERT_EXTENSION;
  end;
1461
1462//+-------------------------------------------------------------------------
1463//  Information stored in a CRL
1464//
1465//  The Issuer, Algorithm and Extension BLOBs are the encoded
1466//  representation of the information.
1467//--------------------------------------------------------------------------
1468
type
  PCRL_INFO = ^CRL_INFO;
  // Decoded TBSCertList. rgCRLEntry[0..cCRLEntry-1] are the revoked serials.
  // NOTE(review): a CRL whose NextUpdate is in the past is stale; revocation
  // checks that rely on an expired CRL should fail closed or refresh it
  // rather than treat "not listed" as "not revoked" — confirm the policy in
  // the calling code.
  CRL_INFO = record
    dwVersion           :DWORD;
    SignatureAlgorithm  :CRYPT_ALGORITHM_IDENTIFIER;
    Issuer              :CERT_NAME_BLOB;
    ThisUpdate          :TFILETIME;
    NextUpdate          :TFILETIME;
    cCRLEntry           :DWORD;
    rgCRLEntry          :PCRL_ENTRY;
    cExtension          :DWORD;
    rgExtension         :PCERT_EXTENSION;
  end;
1482
1483//+-------------------------------------------------------------------------
1484//  CRL versions
1485//--------------------------------------------------------------------------
// CRL_INFO.dwVersion values (encoded value = version - 1, as for CERT_V*).
const 
  CRL_V1 = 0;
  CRL_V2 = 1;
1489
1490//+-------------------------------------------------------------------------
1491//  Information stored in a certificate request
1492//
1493//  The Subject, Algorithm, PublicKey and Attribute BLOBs are the encoded
1494//  representation of the information.
1495//--------------------------------------------------------------------------
1496
type
  PCERT_REQUEST_INFO = ^CERT_REQUEST_INFO;
  // Decoded PKCS #10 CertificationRequestInfo. Everything here is
  // requester-supplied; an issuer must treat Subject and rgAttribute as
  // untrusted input and apply its own policy before copying them into a
  // certificate.
  CERT_REQUEST_INFO = record
    dwVersion            :DWORD;
    Subject              :CERT_NAME_BLOB;
    SubjectPublicKeyInfo :CERT_PUBLIC_KEY_INFO;
    cAttribute           :DWORD;
    rgAttribute          :PCRYPT_ATTRIBUTE;
  end;
1506
1507//+-------------------------------------------------------------------------
1508//  Certificate Request versions
1509//--------------------------------------------------------------------------
// CERT_REQUEST_INFO.dwVersion value (encoded as version - 1).
const CERT_REQUEST_V1 = 0;
1511
1512//+-------------------------------------------------------------------------
1513//  Information stored in Netscape's Keygen request
1514//--------------------------------------------------------------------------
type
  PCERT_KEYGEN_REQUEST_INFO = ^CERT_KEYGEN_REQUEST_INFO;
  // Netscape SPKAC-style key generation request. pwszChallengeString is
  // requester-supplied text (IA5 on the wire); treat it as untrusted input.
  CERT_KEYGEN_REQUEST_INFO = record
    dwVersion            :DWORD;
    SubjectPublicKeyInfo :CERT_PUBLIC_KEY_INFO;
    pwszChallengeString  :LPWSTR;        // encoded as IA5
  end;

// CERT_KEYGEN_REQUEST_INFO.dwVersion value.
const 
  CERT_KEYGEN_REQUEST_V1 = 0;
1525
1526
1527//+-------------------------------------------------------------------------
1528//  Certificate, CRL, Certificate Request or Keygen Request Signed Content
1529//
1530//  The "to be signed" encoded content plus its signature. The ToBeSigned
1531//  is the encoded CERT_INFO, CRL_INFO, CERT_REQUEST_INFO or
1532//  CERT_KEYGEN_REQUEST_INFO.
1533//--------------------------------------------------------------------------
type
  PCERT_SIGNED_CONTENT_INFO = ^CERT_SIGNED_CONTENT_INFO;
  // Outer signed wrapper. The signature covers exactly the DER bytes in
  // ToBeSigned; verify over those bytes as received, never over a
  // re-encoding of the decoded CERT_INFO/CRL_INFO/... structure.
  // SignatureAlgorithm here is the outer copy and should agree with the
  // inner one inside ToBeSigned.
  CERT_SIGNED_CONTENT_INFO = record
    ToBeSigned          :CRYPT_DER_BLOB;
    SignatureAlgorithm  :CRYPT_ALGORITHM_IDENTIFIER;
    Signature           :CRYPT_BIT_BLOB;
end;
1541
1542//+-------------------------------------------------------------------------
1543//  Certificate Trust List (CTL)
1544//--------------------------------------------------------------------------
1545
1546//+-------------------------------------------------------------------------
1547//  CTL Usage. Also used for EnhancedKeyUsage extension.
1548//--------------------------------------------------------------------------
1549
type
  PCTL_USAGE =^CTL_USAGE;
  // Array of usage OID strings: rgpszUsageIdentifier[0..cUsageIdentifier-1].
  // When used as an EnhancedKeyUsage (CERT_ENHKEY_USAGE below), a validator
  // must check that the purpose it is about to accept the certificate for is
  // actually listed here.
  CTL_USAGE = record
    cUsageIdentifier :DWORD;
    rgpszUsageIdentifier :PLPSTR;      // array of pszObjId
  end;

// EnhancedKeyUsage shares the CTL_USAGE layout (plain type synonym).
type
  CERT_ENHKEY_USAGE = CTL_USAGE;
  PCERT_ENHKEY_USAGE = ^CERT_ENHKEY_USAGE;
1560
1561
1562//+-------------------------------------------------------------------------
1563//  An entry in a CTL
1564//--------------------------------------------------------------------------
type
  PCTL_ENTRY = ^CTL_ENTRY;
  // One trust-list member, identified by SubjectIdentifier (typically a hash
  // of the subject, per the original comment) plus optional attributes.
  CTL_ENTRY = record
    SubjectIdentifier :CRYPT_DATA_BLOB;    // For example, its hash
    cAttribute        :DWORD;
    rgAttribute       :PCRYPT_ATTRIBUTE;   // OPTIONAL
  end;
1572
1573//+-------------------------------------------------------------------------
1574//  Information stored in a CTL
1575//--------------------------------------------------------------------------
1576type
1577  PCTL_INFO = ^CTL_INFO;
      // Decoded body of a Certificate Trust List.
1578  CTL_INFO = record
1579    dwVersion           :DWORD;               // CTL_V1 is declared below
1580    SubjectUsage        :CTL_USAGE;           // usage OIDs the list applies to
1581    ListIdentifier      :CRYPT_DATA_BLOB;     // OPTIONAL
1582    SequenceNumber      :CRYPT_INTEGER_BLOB;  // OPTIONAL
1583    ThisUpdate          :TFILETIME;           // issue time of this list
1584    NextUpdate          :TFILETIME;           // OPTIONAL
                                                  // NOTE(review): a CTL may carry no NextUpdate; callers that
                                                  // check list freshness should handle that case explicitly
                                                  // rather than reading it as "never expires" -- confirm
1585    SubjectAlgorithm    :CRYPT_ALGORITHM_IDENTIFIER;  // algorithm used to form the entries' SubjectIdentifier
1586    cCTLEntry           :DWORD;               // number of entries in rgCTLEntry
1587    rgCTLEntry          :PCTL_ENTRY;          // OPTIONAL
1588    cExtension          :DWORD;               // number of entries in rgExtension
1589    rgExtension         :PCERT_EXTENSION;     // OPTIONAL
1590  end;
1591
1592//+-------------------------------------------------------------------------
1593//  CTL versions
1594//--------------------------------------------------------------------------
1595const 
      // Only version value defined for CTL_INFO.dwVersion.
1596  CTL_V1 = 0;
1597
1598//+-------------------------------------------------------------------------
1599//  TimeStamp Request
1600//
1601//  The pszTimeStamp is the OID for the Time type requested
1602//  The pszContentType is the Content Type OID for the content, usually DATA
1603//  The Content is an un-decoded blob
1604//--------------------------------------------------------------------------
1605
1606type
1607  PCRYPT_TIME_STAMP_REQUEST_INFO = ^CRYPT_TIME_STAMP_REQUEST_INFO;
      // Time-stamp request: which time type is wanted, what the content is, and the content itself.
1608  CRYPT_TIME_STAMP_REQUEST_INFO = record
1609    pszTimeStampAlgorithm :LPSTR;   // pszObjId -- OID of the time type requested
1610    pszContentType        :LPSTR;   // pszObjId -- content type OID, usually DATA
1611    Content               :CRYPT_OBJID_BLOB;  // the content, passed through un-decoded
1612    cAttribute            :DWORD;             // number of entries in rgAttribute
1613    rgAttribute           :PCRYPT_ATTRIBUTE;  // cAttribute entries
1614  end;
1615
1616//+-------------------------------------------------------------------------
1617//  Certificate and Message encoding types
1618//
1619//  The encoding type is a DWORD containing both the certificate and message
1620//  encoding types. The certificate encoding type is stored in the LOWORD.
1621//  The message encoding type is stored in the HIWORD. Some functions or
1622//  structure fields require only one of the encoding types. The following
1623//  naming convention is used to indicate which encoding type(s) are
1624//  required:
1625//      dwEncodingType              (both encoding types are required)
1626//      dwMsgAndCertEncodingType    (both encoding types are required)
1627//      dwMsgEncodingType           (only msg encoding type is required)
1628//      dwCertEncodingType          (only cert encoding type is required)
1629//
1630//  It's always acceptable to specify both.
1631//--------------------------------------------------------------------------
1632
1633const 
      // Masks splitting a combined dwEncodingType DWORD (see the note above):
      // certificate encoding type in the LOWORD, message encoding type in the HIWORD.
1634  CERT_ENCODING_TYPE_MASK = $0000FFFF;
1635  CMSG_ENCODING_TYPE_MASK = $FFFF0000;
1636
1637//#define GET_CERT_ENCODING_TYPE(X)   (X & CERT_ENCODING_TYPE_MASK)
1638//#define GET_CMSG_ENCODING_TYPE(X)   (X & CMSG_ENCODING_TYPE_MASK)
    // Pascal equivalents of the two C macros above: return X masked with
    // CERT_ENCODING_TYPE_MASK (LOWORD) or CMSG_ENCODING_TYPE_MASK (HIWORD)
    // respectively. Declared in the interface here; the bodies are in the
    // unit's implementation section, which is not in this view.
1639function GET_CERT_ENCODING_TYPE(X :DWORD):DWORD;
1640function GET_CMSG_ENCODING_TYPE(X :DWORD):DWORD;
1641
1642const 
      // Certificate encoding types (fall in CERT_ENCODING_TYPE_MASK / LOWORD).
      // X509_ASN_ENCODING and X509_NDR_ENCODING are the same values under an
      // X509-specific name.
1643  CRYPT_ASN_ENCODING  = $00000001;
1644  CRYPT_NDR_ENCODING = $00000002;
1645  X509_ASN_ENCODING = $00000001;
1646  X509_NDR_ENCODING = $00000002;
      // Message encoding types (fall in CMSG_ENCODING_TYPE_MASK / HIWORD);
      // combined with a cert encoding type by OR-ing, e.g.
      // X509_ASN_ENCODING or PKCS_7_ASN_ENCODING.
1647  PKCS_7_ASN_ENCODING = $00010000;
1648  PKCS_7_NDR_ENCODING = $00020000;
1649
1650//+-------------------------------------------------------------------------
1651//  Format the specified data structure according to the certificate
1652//  encoding type.
1653//
1654//--------------------------------------------------------------------------
1655
//  BOOL CryptFormatObject(DWORD dwCertEncodingType, DWORD dwFormatType,
//                         DWORD dwFormatStrType, void *pFormatStruct,
//                         LPCSTR lpszStructType, const BYTE *pbEncoded,
//                         DWORD cbEncoded, void *pbFormat, DWORD *pcbFormat)
//  In:  dwCertEncodingType  - certificate encoding type (LOWORD; see masks above)
//       lpszStructType      - OID string, or one of the LPCSTR(n) predefined
//                             structure ids declared below
//       pbEncoded/cbEncoded - encoded input and its byte length; 'const' on a
//                             PBYTE fixes the pointer value only, not the buffer
//       pbFormat/pcbFormat  - output buffer and its size (presumably the usual
//                             Win32 size-query contract: size in, bytes out -- confirm)
//  Out: BOOL success flag; stdcall, bound to the external DLL elsewhere in the unit
1656function CryptFormatObject(dwCertEncodingType :DWORD;
1657                           dwFormatType       :DWORD;
1658                           dwFormatStrType    :DWORD;
1659                           pFormatStruct      :PVOID;
1660                           lpszStructType     :LPCSTR;
1661                     const pbEncoded          :PBYTE;
1662                           cbEncoded          :DWORD;
1663                           pbFormat           :PVOID;
1664                           pcbFormat          :PDWORD):BOOL ; stdcall;
1665
1666//+-------------------------------------------------------------------------
1667//  Encode / decode the specified data structure according to the certificate
1668//  encoding type.
1669//
1670//  See below for a list of the predefined data structures.
1671//--------------------------------------------------------------------------
1672
//  BOOL CryptEncodeObject(DWORD dwCertEncodingType, LPCSTR lpszStructType,
//                         const void *pvStructInfo, BYTE *pbEncoded, DWORD *pcbEncoded)
//  In:  dwCertEncodingType   - certificate encoding type (LOWORD; see masks above)
//       lpszStructType       - OID string, or one of the LPCSTR(n) predefined
//                              structure ids declared below
//       pvStructInfo         - structure to encode; 'const' fixes the pointer only
//       pbEncoded/pcbEncoded - output buffer and its size (presumably size in,
//                              bytes written/needed out -- confirm)
//  Out: BOOL success flag; stdcall
1673function CryptEncodeObject(dwCertEncodingType :DWORD;
1674                           lpszStructType     :LPCSTR;
1675                     const pvStructInfo       :PVOID;
1676                           pbEncoded          :PBYTE;
1677                           pcbEncoded         :PDWORD ):BOOL ; stdcall;
1678
//  BOOL CryptDecodeObject(DWORD dwCertEncodingType, LPCSTR lpszStructType,
//                         const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags,
//                         void *pvStructInfo, DWORD *pcbStructInfo)
//  In:  dwCertEncodingType   - certificate encoding type (LOWORD; see masks above)
//       lpszStructType       - OID string, or one of the LPCSTR(n) predefined
//                              structure ids declared below
//       pbEncoded/cbEncoded  - encoded input and its byte length; this is
//                              typically externally supplied data, so cbEncoded
//                              must describe the real buffer
//       dwFlags              - CRYPT_DECODE_NOCOPY_FLAG (declared below) or 0
//       pvStructInfo/pcbStructInfo - output structure and its size (presumably
//                              size in, bytes used/needed out -- confirm)
//  Out: BOOL success flag; stdcall
//  NOTE(review): with CRYPT_DECODE_NOCOPY_FLAG the decoded structure points into
//  pbEncoded (see the note below), so pbEncoded must outlive pvStructInfo.
1679function CryptDecodeObject(dwCertEncodingType :DWORD;
1680                           lpszStructType     :LPCSTR;
1681                     const pbEncoded          :PBYTE;
1682                           cbEncoded          :DWORD;
1683                           dwFlags            :DWORD;
1684                           pvStructInfo       :PVOID;
1685                           pcbStructInfo      :PDWORD):BOOL ; stdcall;
1686
1687// When the following flag is set the nocopy optimization is enabled.
1688// This optimization, where appropriate, updates the pvStructInfo fields
1689// to point to content residing within pbEncoded instead of copying that
1690// content and appending it to pvStructInfo.
1691//
1692// Note, when set, pbEncoded can't be freed until pvStructInfo is freed.
1693const 
      // dwFlags value for CryptDecodeObject. Because the decoded fields then alias
      // pbEncoded, freeing pbEncoded while pvStructInfo is still in use is a
      // use-after-free; keep both buffers' lifetimes tied together.
1694  CRYPT_DECODE_NOCOPY_FLAG = $1;
1695
1696//+-------------------------------------------------------------------------
1697//  Predefined X509 certificate data structures that can be encoded / decoded.
1698//--------------------------------------------------------------------------
      // Predefined lpszStructType values. Each is a small integer cast to
      // LPCSTR rather than a pointer to an OID string; the encode/decode
      // functions above accept either form in the same parameter (presumably
      // distinguished by the pointer's numeric range -- confirm against the SDK).
1699  CRYPT_ENCODE_DECODE_NONE         = 0;
1700  X509_CERT                        = (LPCSTR(1));   // CERT_SIGNED_CONTENT_INFO
1701  X509_CERT_TO_BE_SIGNED           = (LPCSTR(2));   // CERT_INFO
1702  X509_CERT_CRL_TO_BE_SIGNED       = (LPCSTR(3));   // CRL_INFO
1703  X509_CERT_REQUEST_TO_BE_SIGNED   = (LPCSTR(4));   // CERT_REQUEST_INFO
1704  X509_EXTENSIONS                  = (LPCSTR(5));   // extension array (cExtension/rgExtension pair)
1705  X509_NAME_VALUE                  = (LPCSTR(6));
1706  X509_NAME                        = (LPCSTR(7));
1707  X509_PUBLIC_KEY_INFO             = (LPCSTR(8));   // CERT_PUBLIC_KEY_INFO
1708
1709//+-------------------------------------------------------------------------
1710//  Predefined X509 certificate extension data structures that can be
1711//  encoded / decoded.
1712//--------------------------------------------------------------------------
1713  X509_AUTHORITY_KEY_ID            = (LPCSTR(9));
1714  X509_KEY_ATTRIBUTES              = (LPCSTR(10));
1715  X509_KEY_USAGE_RESTRICTION